WAN Routing, Switching, DC, Firewalls, IP

Avinash Kumar Yadav is an Information Security Analyst with over 4 years of experience in cyber and networking security, currently working at NetConnect Global. He possesses extensive skills in various security domains including SIEM, vulnerability management, and incident response, along with multiple technical certifications. His work experience includes managing security devices, conducting assessments, and implementing security solutions across various platforms.

Uploaded by kmrchetan94

Avinash Kumar Yadav
Information Security Analyst
[email protected]
+91 8750975411 / 6383782749
linkedin.com/in/avinashbaadshah/
Delhi, India

An IT professional with 4.1 years of experience in cyber/network security (intrusion detection/prevention, vulnerability assessment and penetration testing, malware analysis, threat hunting/intelligence, LAN/WAN routing, switching, DC, firewalls, IPS/IDS, SIEM, proxy, load balancer), Linux, virtualization, and SOC (QRadar SIEM) implementation, administration, operations support and project management. Currently working with NetConnect Global as a Senior Information Security Analyst, providing multi-domain support, and capable of managing multiple vendors, technologies and projects from concept to completion within demanding deadlines. Looking forward to a dynamic career in the core information security industry as a SOC/cyber security analyst, administrator or engineer.

SKILLS

• Cyber Security / SOC / SIEM / WAF
• IBM QRadar / ArcSight / Firewalls
• Threat & Vulnerability Management
• Implementation
• Incident Response Monitoring
• Administration & Reporting
• Network and Web Application Security
• Security Solutions & Recommendations
• Technical Trainings

Security Trainings
OSCP (Penetration Testing Training with Kali Linux)
SANS SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling
SANS SEC542: Web App Penetration Testing and Ethical Hacking
SANS SEC560: Network Penetration Testing and Ethical Hacking
SANS SEC401: Security Essentials Bootcamp Style
SANS SEC503: Intrusion Detection In-Depth
Network & Security: CCNA-RS, CCNA-Security, CCNP-RS, CCNP-Security
Firewalls: Check Point Certified Security Administrator (CCSA), FortiGate, Cisco ASAv
eLearnSecurity: PTP, PTS, WAPT, Threat Hunting Professional
EC-Council: CEH v10

Other Domains
F5: Administrator (101-201), Reverse Proxy/Load Balancer (LTM), WAF (ASM)
Linux: LPIC (1-2), RHCE, RHCSA
Virtualization: VCP-DCV (VMware)
TECHNICAL PROFICIENCY

SIEM: IBM QRadar, ArcSight ESM, Logger, AlienVault, The Hive (Next Gen SIEM).
• Implementation and administration of a Security Operation Centre (IBM QRadar SIEM, QFlow, PCAP, Vulnerability Manager, Risk Manager, Incident Forensics, AlienVault).

Vulnerability Management: Nessus, Qualys, QVM (IBM).

Packet Capture & Analysis: Wireshark, tcpdump, QRadar PCAP.
Threat Analysis: MATD (McAfee Advanced Threat Detection), Recorded Future, OllyDbg.
Logs and Events: IDS/IPS, Firewall, WAF, Proxy, Antivirus, AD, End-user.
IPS Signature Analysis: TippingPoint UnityOne IPS, Sourcefire, Snort.
Web Technology: Apache, IIS, nginx (PHP, HTML, JavaScript, SQL).
Web App Security: OWASP Top 10, ZAP, Burp Suite, Nikto.
Cisco Switches: 2960, 3560, 3650, 3750, 4500.
• Switching – VLAN, Inter-VLAN routing, STP, PVST, MSTP, VTP, VRRP, GLBP, HSRP, EtherChannel, LACP, vPC, Port Security.

Cisco Routers: 851, 1700, 1812, 1841, 2800, 2900.
• Working knowledge of routing protocols – Static, RIP, EIGRP, OSPF, BGP, Summarization, Authentication, Route Filtering, Distribution Lists, MPLS basics.
• Upgrading and backing up Cisco router configuration files and IOS images.

VPN: GRE Tunnel, IPsec, IPsec Security Protocols, IKE, Site-to-Site VPN, Remote Access/SSL VPN.
Process Skills: Information Security Management and Incident Response, ITIL.
Proxy / Load Balancer: F5 Load Balancer (LTM), Squid Proxy.
Firewalls: Hands-on experience with FortiGate, Cisco ASA (ASAv) and Check Point firewalls; working knowledge of Palo Alto, Cyberoam and SonicWALL firewalls.
OS and Servers: Windows and Linux.
Excellent knowledge of networking concepts such as IP addressing & subnetting, TCP/IP and Ethernet.

Ethical Hacking: OSINT, OWASP Top 10, Nmap, Metasploit, Exploits, IPS, IDS, Honeypots (DDoS, Buffer overflow, SQL injection, Cross-site scripting, Cross-site request forgery).
WORK EXPERIENCE

Senior Information Security Analyst (NetConnect Global)
Apr/2019 – Present
Roles & Responsibilities:
• Analysing security device logs (WAF/IPS/IDS/Proxy/Firewall/AD/AV/Endpoint).
• Security assessment, design, implementation, automation and documentation of solutions leveraging IBM QRadar, HP ArcSight and other third-party solutions.
• Supervising and administering SIEM (ArcSight, IBM QRadar, The Hive) for all kinds of events and incidents triggered in real time; performing incident triage for all incidents in the High and Critical channels and investigating further for incident response, mitigation and remediation.
• Implementation of IBM QRadar SIEM, setting up the SOC environment and integrating it per client requirements.
• Performing security assessments (web server and network security) and conducting vulnerability assessments of web applications for security weaknesses.
• Recommendations and fine tuning to reduce false positives; fine tuning of rules and reports; use cases for insider threats, compliance and advanced security.
• MATD (McAfee Advanced Threat Detection) analysis for any malware or suspicious file detected on any host.
• Analysis based on signatures triggered in IPS reports on TippingPoint UnityOne IPS for any web application or network vulnerability across all inbound and outbound traffic.
• Working on Akamai Kona DoS and DDoS alerts for network- and application-based attacks, ensuring the SLA is met as per the SOP, and coordinating with the respective network and application teams on our investigation and findings for mitigation.
• Security research on new vulnerabilities, exploits and patch availability in order to strengthen our security infrastructure proactively.

Security Administrator
HCL Services Ltd.
Apr/2016 – Apr/2019
Responsibilities:

1) Managing QRadar appliances (SIEM, PCAP, Incident Forensics, Risk Manager VMs).
2) Creating rules on QRadar to detect attacks/malicious activity and trigger offences (CRE/ADE).
3) Adding, classifying and troubleshooting log sources in QRadar.
4) Enabling Syslog and WinCollect on servers for log forwarding.
5) Adding, removing and classifying assets manually or dynamically on QRadar.
6) Enabling NetFlow/SPAN/promiscuous ports for QRadar flow collection.
7) Enabling QFlow and Network Insights features on QRadar for deep packet inspection.
8) Enabling UBA (User Behaviour Analytics) on QRadar to detect insider threats.
9) Creating reference sets for different use cases.
10) Creating the network hierarchy based on customer infrastructure (multi-tenancy).
11) Minimizing false positive alerts on QRadar.
12) Creating users/roles/security profiles on QRadar as required.
13) Creating/extracting custom properties from events/flows using the DSM Editor/regex and indexing them for search.
14) Enabling X-Force to detect and dynamically update the reputation database.
15) Configuring event/flow retention buckets.
16) Configuring nightly backups and taking on-demand backups.

• Supervising and administering SIEM (IBM QRadar) for all kinds of events and incidents triggered in real time; performing incident triage for all incidents and investigating further for incident response, mitigation and remediation.
• First-level troubleshooting when logs are not arriving on the QRadar console from log sources: using tcpdump to check whether logs are being sent from the log source and received at the QRadar collector, or blocked at the firewall.
• Worked on IBM QRadar, monitoring end devices and security devices. Monitoring all systems for functionality and status and conducting basic troubleshooting and assessment prior to escalating problems to the systems technical staff.
• Identifying, investigating and recognizing security incidents based on their signature and behaviour, escalating to the respective teams, suggesting new use cases to reduce false positives and new rules in QRadar, and making the client aware of new IOCs with advice to block the signature at the endpoint level.
• Generating custom reports such as top communications, blacklisted IPs, malware, top blocked and allowed signatures, firewall policy changes, user failed logins on different devices, utilization, bandwidth occupancy and URL access.
• Investigation and analysis of incidents, new security trends, cyber attacks and network attacks, and creating weekly and monthly trend analysis reports for strengthening cyber security and the prevention and mitigation of cyber attacks.
• Generating custom reports for IOPAs (Indicators of Potential Attack), reviewing WAF, firewall, proxy and IDS/IPS logs for hits observed in our network and escalating suspicious and malicious traffic.

Roles and Responsibilities As Network Security Administrator

17) VPN ID creation, deletion and password resets.
18) Route diversion (BGP multihoming).
19) Backup link testing (BGP).
20) Configuring ACLs and NAT on routers or firewalls.
21) Monitoring the performance of network and security devices through a daily checklist.
22) Creating site-to-site tunnels on firewalls.
23) Firewall management: ASA, Check Point, FortiGate, Cyberoam, SonicWALL.
24) Implementing policy and NAT (SNAT, DNAT).
25) Web filtering.
26) Creating IPsec and GRE tunnels on routers.
27) IPS: blocking based on signature and geolocation.
28) Application and URL filtering.
29) Performing vulnerability assessment and penetration testing (VAPT).
30) Monitoring traffic and logs for suspicious activity.
31) Installing RHEL, CentOS and Ubuntu (creating a new VM and installing the OS either manually or using kickstart).
32) Adding disks, creating partitions (static or LVM, with resizing).
33) Analysing top users via Squid proxy reports.
34) Checking proxy logs to see whether sites are being blocked; allowing and blocking sites in the proxy.
35) Adding or removing DNS records in BIND.
36) Sharing directories on Samba servers and assigning permissions.
37) Creating and updating repositories (YUM, RPM).
38) Managing the local web-based contact portal (Apache).
39) Configuring SNMP on new servers or network devices.
40) Adding devices to monitoring tools (Nagios, SolarWinds).
41) Checking alerts in vSphere.
42) Taking image-level (VDP) or snapshot backups before activities.
43) Creating VMs, adding resources (memory, disk, CPU), installing VMware Tools.
44) Adding LUNs to datastores based on either NFS or iSCSI.
45) Creating SOPs, CRs and RCAs as per the ITIL process.

Roles and Responsibilities As Linux Administrator

(1) Installation and configuration of Red Hat (both regular and kickstart), CentOS and Ubuntu servers.
(2) User account creation, deletion and management.
(3) Managing file/directory permissions and setting up ACLs.
(4) Disk and partition management (standard/LVM).
(5) Interrupting the boot process in order to gain access to a system.
(6) Identifying CPU/memory-intensive processes, adjusting process priority with renice, and killing processes.
(7) Locating and interpreting system log files and journals.
(8) Listing, creating and deleting partitions on MBR and GPT disks.
(9) Creating and configuring special permissions (SUID, SGID, sticky bit).
(10) Creating and managing Access Control Lists (ACLs).
(11) TCP/IP configuration: assigning IPs, tcpdump, netstat.
(12) Using network teaming or bonding to configure aggregated network links between two Red Hat Enterprise Linux systems.
(13) Managing services, run levels and targets.
(14) Scheduling tasks using at and cron.
(15) Configuring firewall settings using firewall-config, firewall-cmd or iptables.
(16) Using firewalld and associated mechanisms such as rich rules, zones and custom rules to implement packet filtering and configure network address translation (NAT).
(17) Configuring key-based authentication for SSH.
(18) Using Boolean settings to modify system SELinux settings.
(19) Diagnosing and addressing routine SELinux policy violations.
(20) Routing IP traffic and creating static routes.
(21) Data compression, backup and recovery using the tar command.
(22) File system administration, setting up disk quotas, configuring backup solutions.
(23) Package administration using RPM and Yum; configuring a YUM server and YUM client.
(24) SSH (key-based authentication), Telnet and VNC configuration and troubleshooting.
(25) FTP, NTP, DHCP and NFS configuration and troubleshooting.
(26) Server performance monitoring and troubleshooting.
(27) Producing and delivering reports on system utilization (processor, memory, disk and network) using NMON and SAR.
(28) Syslog server configuration, analysing system logs and maintenance.
(29) Nagios monitoring tool configuration, management and administration.
(30) Configuring a system to authenticate using Kerberos.
(31) Configuring a system as either an iSCSI target or an initiator that persistently mounts an iSCSI target.
(32) Mail server installation, configuration and management: Sendmail, Postfix.
(33) MySQL server configuration.
(34) Squid proxy server (installation/configuration, content filtering, integration with SARG and AD).
(35) Apache server (installation, configuration, TLS security).
(36) DNS (master, slave, caching, forwarding).
(37) Samba server (enabling Windows and UNIX clients for file sharing).
(38) Configuring a cluster with Pacemaker.

Roles and Responsibilities As Virtualization Administrator

(1) Hands-on knowledge in the deployment, configuration and optimization of VMware technologies including vCenter Server, ESXi, vMotion, High Availability (HA), Fault Tolerance (FT), DPM, Storage vMotion and VMware Workstation.
(2) Virtual networking (vSwitches, VMkernel ports, dvSwitches).
(3) Virtual storage (access control and VMFS datastores).
(4) Creation, management and configuration of virtual machines, clones and templates.
(5) Customizing the guest operating system on virtual machines.
(6) Scanning and configuring LUNs for ESXi servers.
(7) Created DRS and custom roles for users and administrators.
(8) High availability, clustering, vMotion, Storage vMotion.
(9) Server consolidation with VMware Converter (P2P and P2V conversions), Virtual to Physical (V2P).
(10) Snapshot Manager: taking and restoring a snapshot.
(11) System administration: managing users, groups, roles and access permissions.
(12) Setting up performance monitoring and capacity planning.
(13) Managing tasks, events and alarms.
(14) Configuring and managing ESXi, virtual storage, software iSCSI, NFS datastores and vSphere HA.
(15) Disaster recovery (DR): installing and configuring HA and DRS servers, taking images of the servers and creating restore points.
(16) Configuring vSphere Data Protection (VDP), taking scheduled and on-demand backups and restoring.
(17) Installation, configuration and management of SAN/NAS.
(18) Creating virtual machines using preconfigured templates.
(19) Exporting and deploying an OVF template, taking and deleting snapshots.
(20) Worked on VMware vSphere 5, 6 and 6.5.
Academic Records

Degree: B.Sc. (IT), Alagappa University, Pondicherry
Diploma: Electronics and Communication Engineering
XII: CBSE, Delhi
X: CBSE, Delhi

“I would welcome an opportunity for a personal interview to discuss your organization's needs and the results you can expect from me in addressing those needs.”
Avinash Kumar Yadav
