Ankit Pandagre

• Threat detection and response via Crowdstrike falcon complete. • Assist L1/L2 for security event and initial incident response to detected threats. • Experience in SIEM tools like Symantec SIEM, Splunk, and Elastic Search. • Proficient in Incident Management and Response in a Global SOC environment. • Threat hunting in EDR telemetry data. EDR monitoring – Crowdstrike falcon, Carbon black. • Google cloud protection – cloud armor for DDoS protection. • Playbook and document creation for SOC use cases. Creation of detailed process documentation. • Respond to alerts for security systems such as firewalls, IPS/IDS, SIEM, EDR, WAF, threat and vulnerability management tools working with teams to understand and remediate security vulnerabilities. • Research public and private sources to identify novel threats and attack techniques, and to provide recommendations for detection and mitigation.lg...see more

•Defined and streamlined SOPs. Policy making for Phishing incidents. •Performing in-depth investigation on demand. Investigating detection over Symantec web proxy. • Monitoring and managing ClearSwift email gateway. •Splunk – Security events analysis, Splunk query language. •Managing and adding lexical expression over email gateway. •Preparing weekly and monthly report of security incidents and trends. •Respond to alerts for security systems such as firewalls, SIEM, EDR, and WAF. •Blacklisting Email IDs, Domains on email gateway to block phishing/spam emails. • Investigate cyber threats on a real-time/day-to-day basis, involving alerts, log analysis, event/incident correlations. •Monitoring and managing Sophos AV jumpbox for malware detection and preparing report. •Evaluate the current Security Infrastructure for best practices, and recommend changes to enhance security. lg...see more

• Experienced in working with Symantec Global Security Operations Center. • Worked as SOC analyst for enterprise global security operation center (SOC as service). • Security Incident Monitoring and Response with Symantec SIEM. • Experienced in working with Fortune 500 customers as well as start-up environments in helping and advising to adopt effective measures against cyber threats. • Analyzing various security device logs and predict the threats using various open/close intelligence. • Incident Handling, Incident Management, Intrusion Analysis, Analyzing different kind of security incidents. • Reviewing customer queries and guiding customers with threat remediation strategies and best security practices. • Pre-validate the incidents before it publish to customers. • Forensic analysis to identify artefacts to provide more detail about infected device using Symantec MEDR. • Provide an in-depth investigation/analysis of logs to the escalated cases to the customers. lg...see more

• Monitor global systems looking for potential threats, vulnerabilities and indicators of compromise. •Perform in-depth analysis of security alerts utilizing CrowdStrike EDR. •Provide Incident remediation and prevention documentation and recommendations to customers based on defined procedures and analyst experience. •Document and conform to processes related to security monitoring procedures. •Initiate escalation procedure to counteract potential threats, vulnerabilities and threat actors. •Compilation and review of service focused reporting. • Providing assistance to Senior Cyber Security Analysts on Threat Hunting engagements. • Contributing to the continuous improvement of SOC procedures and documentation.  Perform other duties as assigned.lg...see more