Watchful professional offering comprehensive, hands-on experience identifying, investigating, and responding to information security alerts. Expertise in searching through datasets to detect threats and anomalies and in administering metrics to maintain security processes and controls. Focused on helping businesses safeguard sensitive data from hackers and cyber-criminals.
Overview
8 years of professional experience
1 Certification
Work History
Incident Response Manager
Marriott International
09.2021 - Current
Working as an Incident Response Manager as part of the global CIRT team, handling mostly true-positive security alerts or complex events
Handles high-priority/critical requests and escalations from the SOC team
Responsible for performing detailed, in-depth analysis and investigation of security incidents and malicious activities using security tools like Splunk and CrowdStrike, and analyzing different network logs like proxy, IDS/IPS, DNS/DHCP, etc.
Experience in identifying the approaches threat actors take to attack a network: phishing, port scanning, web application attacks, DDoS, lateral movement
Knowledge of Windows and/or Linux operating systems and how to investigate them for signs of compromise
Work on PRP scripts to delete phishing emails from users' mailboxes using PowerShell
Use ServiceNow (SNOW) as the ticketing tool for receiving SIRs and generating cyber security incident reports for the monthly meeting
Performed UAT testing for the SNOW upgrade
Work closely with the Application Security team to implement new or modified use cases
Perform RTR on suspected machines to push scripts that gather browser history when required, or to delete/download malicious files
Perform forensic acquisition as and when required to share with the Forensics team, using FTK Imager and F-Response
Used the Axiom tool for collecting Windows memory images and iOS mobile device images and processing them
Perform host/network forensic analysis in support of incident response, utilizing prefetch files, Shimcache, Amcache and registry hives when required to investigate further
Use the CrowdStrike tool extensively to analyze process operations, DNS requests, disk operations and registry operations on a machine for any triggered threats
Performing static/dynamic analysis on fileless malware using sandboxes like Joe and online tools like disassemblers and CyberChef.
Worked on a project for RTR triage script execution on detection, with extraction to SNOW using Splunk SOAR functionality
Implemented custom anti-malware and Safe Links policies through Defender for email security
Manages and implements work and projects as assigned
Develops and follows detailed operational processes and procedures to appropriately analyse, escalate and assist in the remediation of information security-related incidents.
Senior Security Analyst
Accenture Solutions Private Ltd
04.2020 - 09.2021
Handling all L1 and L2 tasks in cyber security, from notable triggering in Splunk SIEM to creating tickets and investigating different types of security use cases
Monitoring alerts in real time and analyzing the logs to differentiate between true-positive and false-positive alerts using Splunk
Analyze threats and perform malware and threat analysis
Using EDR tools like Endgame and Microsoft Defender ATP to implement IOCs and run advanced hunting queries
Create incident and monthly reports for leadership review
Progressive review of detection rule logic and investigation SOPs
Supported vulnerability scanning by running security scans on machines in question using the buck-security tool
Worked on forensic analysis and memory acquisition using the Mandiant Redline tool
Used the Volatility framework and MemProcFS to analyze memory and capture forensic evidence during investigation of named incidents
Performed browser analysis for infected machines using the BHE (Browser History Examiner) tool to analyze cookies, caches and downloads
Worked on the Machine Learning Toolkit, Splunk's app for machine learning, for a project which provides intelligence on malicious process executions and suspicious commands
Extensively worked on phishing mails and blocking/unblocking requested emails through the Proofpoint email security gateway
Worked on various dynamic data analysis and capture tools like Wireshark and Burp Suite to capture PCAP files for further network analysis using A-Packets
Worked in various cloud environments, especially Azure
Worked on writing/tuning correlation searches in Splunk ES for security use cases and adding them to Adaptive Response actions using SOAR (Phantom) for investigation
Worked on migration from one SIEM to Azure Sentinel and getting data ingested through data connectors
Created some automated playbook workflows and wrote basic KQL queries in Azure Sentinel in a project POC
Trains and mentors the SOC team, new hires and junior IR analysts
SOC Specialist
HCL Technologies Ltd.
08.2016 - 04.2020
Perform day-to-day SOC operations including monitoring, analysing and responding to cyber threats in clients' environments using SIEM tools like Splunk and QRadar
Gained understanding of the MITRE ATT&CK framework and the Cyber Kill Chain
Running network discovery mapping to find anomalies on networks
Worked on basic penetration testing tools like theHarvester, Social-Engineer Toolkit (SET) and recon-ng for information gathering
Worked with various forensic tools like Velociraptor and Kansa in PowerShell for memory acquisition, and performed memory analysis of hiberfil.sys, the page file and swapfile.sys
Supported the upgrade of Splunk Enterprise server from 7.3.3 to 8.0.5
Working on getting data inputs into the production environment with all pre- and post-validation checks via the Universal Forwarder and DB Connect app
Worked extensively on various machine learning projects using Python
Created a cluster environment in Splunk from scratch using configuration files and the CLI
Experienced in writing Splunk queries to create complex Splunk dashboards
Wrote Python scripts using Python libraries like pyew and yara-python for malware analysis, and used tkinter and pyAesCrypt for creating malware for testing purposes
Worked with the Splunk architect team and helped with data onboarding in Splunk
Worked on the BMC Remedy tool for ticketing.
IT Security Engineer
BEL – Bharat Electronics Ltd
Worked with the development team to design, develop, test and implement the application
Worked on AS400 servers, performing admin duties and troubleshooting
Automated some scheduled backup tasks on AS400 using Python scripts.
Working on handling security of servers in remote locations
Education
Bachelor of Technology (Electronics & Comm.) - BIT, 01.2012
Skills
Security Monitoring
Computer Forensics
Incident Response Management
Security Investigations
Malware Analysis
Splunk SIEM
Python
Machine Learning
Certification
SANS GIAC Certified Forensic Analyst (GCFA)
EC-Council Certified Incident Handler (ECIH v2)
CrowdStrike Certified Falcon Responder (CCFR), via Pearson VUE
EC-Council Certified SOC Analyst (CSA) v1
Certifications in Splunk User, Power User and Admin
Microsoft Azure certification AI-900
Internship and research in deep learning/computer vision at Bennett University
3-day workshop and training on writing KQL queries in Azure Sentinel
Successful completion of certifications in the NVIDIA Deep Learning workshop
Certification in Data Science & Machine Learning using Python from Analytix Labs
Certification in IT Security and Ethical Hacking from Udemy
Secondary school
Dewan Public School, CBSE, 2008, 2012, 85%