Abhishek Narasimhan

Allen, USA

Summary

Dynamic security leader with extensive experience at Securonix, excelling in detection engineering and threat intelligence. Proven track record in enhancing detection coverage and managing high-performing teams. Adept in incident response and penetration testing, I drive innovation and strategic planning to deliver robust cybersecurity solutions. Strong communicator and problem-solver committed to excellence.

Overview

14 years of professional experience
1 Certification

Work History

Manager, Detection Engineering

Securonix
02.2023 - Current
  • Working as Manager, Detection Engineering under the Global Analytics Engineering team, I manage a team of 18 people across threat hunters, parser developers, detection operations, detection engineers and threat researchers
  • I also work in a Principal / Technical Head capacity for the Data/Detection and Threat Research team, working with product engineering and designing the Delta YAML framework, which is similar to Sigma but is used to write policies for Securonix
  • This serves the vision of Detection-as-Code (DaC), including the development of the API for automated rule creation using Delta
  • The detection content that goes into the master repository after my review/approval reaches hundreds of customers who use our product for advanced threat detection across the globe
  • The customer base spans sectors such as IT, pharma, banking, telecom and aviation
  • I managed the effort to increase the detection coverage of MITRE ATT&CK techniques and sub-techniques in our product, keeping it ahead of the competitors in the SIEM sector
  • I create detection content and help customers live on calls
  • While increasing the MITRE coverage, I ideated and developed (with the developers) the attack simulation platform, which lets the team not only simulate known attacks but also create and execute custom attacks; I was primarily the Product Owner/Manager for it
  • In line with the threat research work, I hunt for adversary infrastructure, which is added to advisories as IOCs, published to customers and then swept across all customers by the Threat Intelligence team
  • I handle all customer escalations and take the next steps to resolve customers' issues
  • I am the scrum master for detection engineering and also the strategic planner deciding what will be done each quarter and the following year, for Data/Threat Research as well
  • Multiple internal tools were created with a small team of developers that I managed.

Technical Lead

Securonix
10.2021 - 01.2023
  • Joined as Technical Lead and within a couple of months was designated Manager - Detection Engineering under Securonix Threat Labs
  • I led a team of 10 people across threat hunters, developers and detection engineers
  • We created custom use-cases according to customer requirements, and if one would also help the rest of the customer base we added it to our master content (this was very rare, as custom use-cases are usually built for the customer's crown-jewel applications)
  • As scrum master and strategic planner for the detection engineering team, it was imperative for me to come up with what we should do to help our customers
  • During this time I created processes and quality measures, including automation to test the quality and validate use-cases

Lead Domain Analyst - Cyber Security Solution Design

Prevalent AI India Pvt Ltd
07.2021 - 10.2021
  • Worked as Lead Domain Analyst - Cyber Security Solution Design, covering end-to-end use-case/analytics creation and delivery of the product to customers
  • We delivered analytics based on customer requirements from a security risk perspective, including threat detection and the risk posture of the organization
  • I implemented the Digital Footprint / Remote Risk / Continuous Control Monitoring module for one of the biggest fintechs
  • Managed a team of 25+ people across the project, including DevOps, data engineering, data analysts, domain analysts, UI and QA
  • We understood what the customer needed and created use-cases based on the requirement (all custom-built for each customer)

SOC Lead

Envestnet Yodlee Pvt Ltd
06.2020 - 07.2021
  • Worked as SOC Lead - Envestnet Security Operations, covering 10 business units across the globe
  • Created processes and procedures to handle incidents and breaches, updating the runbook for the team to follow
  • Started the threat intel program to track APT groups targeting the financial sector and make sure we were resilient against their attacks, using threat intelligence from commercial and open-source tools
  • Took the lead on Incident Response (IR) calls in case of a breach or incident, as Incident Manager / Technical Lead for forensic analysis
  • Sent the IR report to management on a periodic basis
  • Managed the team on rotational shifts
  • I led endpoint capability testing on detection and response coverage (using various offensive security toolsets)
  • Helped create content based on the MITRE ATT&CK framework, including MITRE Shield
  • Built a lab for both malware analysis and attack simulation
  • Tools used: Splunk ES, CrowdStrike, Darktrace, Recorded Future, ZeroFOX, AccessData FTK, Qualys Vulnerability Management, Falcon Sandbox

Technical Lead - Cyber Threat Detection Engineering

Securonix India Pvt Ltd
07.2016 - 06.2020
  • Worked as Technical Lead - Cyber Threat Detection Engineering (Content Development) for the Global Threat and Content team
  • Also worked with the product team to get the content productized, created connectors (API, pre-processors) with the developers, and suggested new features or changes to the product (such as the Threat Model framework)
  • Also covered POCs during my initial tenure with Securonix, maybe 10-plus POCs in less than 6 months
  • I was on the core technical interview team and also trained freshers on the product for content creation and threat monitoring
  • Also provided training to our partners and clients such as HP, Siemeo, TechM, etc.
  • Worked with the CTA team and created dashboards for the Snypr product to provide value to the customer
  • Interested in big-data analytics, and working on deep learning to see where it can be used
  • POCs done for 10+ clients in less than 6 months
  • Implemented the UEBA/SIEM for 1 year, added value to the customers' SOC teams and trained them
  • This also included parsing for unsupported events and use-case creation
  • Managed around 20 team members handling projects across the APAC/EMEA regions
  • Created content including use-cases, parsers, dashboards, etc. for customers
  • Gave presentations/demos at a conference and won customers, which turned into POCs
  • Complete threat review and fine-tuning of policies based on customer requirements/environment
  • Worked with customers on use-case requirements and planning of the data sources needed to fulfil their requests
  • Handled and maintained the master content across the board for customers
  • Worked with the product team as Product Lead to suggest and work on new features
  • Created parsers, connectors and use-cases for new/unsupported data sources
  • Worked with the threat research team to come up with detection techniques based on lessons from security breaches in the industry
  • Mapped use-cases to MITRE ATT&CK
  • Built parsers and API connectors for cloud-based vendors/data sources
  • Escalation manager for any content- or analytics-related issue (use-cases, dashboards, etc.) across the globe
  • Threat monitoring and threat hunting services for premium customers
  • Trained new content development engineers and handled a team of 12 plus 2 developers
  • Customer training on threat detection and monitoring
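The Delta/Detection-as-Code work in the Manager role, the use-case validation automation in the Technical Lead role, and the MITRE ATT&CK mapping in this role all come down to the same gate: a YAML rule is validated before it enters the master repository and is then evaluated against events. The following is an added example written for this page, not Securonix's Delta framework, Sigma's reference tooling or any code from the résumé's author. The rule schema, the supported modifiers, the field names and the events are constructed assumptions, and the rule is shown as the mapping a YAML loader would return so that the example runs without extra dependencies.

```python
"""Detection-as-code check: validate a Sigma-style rule, then run it over
sample process-creation events. Added illustration, not Securonix's Delta
framework or any product's code; the rule schema, supported modifiers,
field names and events are constructed assumptions."""
import ast
import re

LEVELS = {"informational", "low", "medium", "high", "critical"}
TECHNIQUE_TAG = re.compile(r"attack\.t\d{4}(\.\d{3})?")      # e.g. attack.t1059.001
ANY_TAG = re.compile(r"attack\.(t\d{4}(\.\d{3})?|[a-z_]+)")  # technique or tactic

# Constructed rule, shown as the mapping a YAML loader would return.
RULE = {
    "title": "Encoded PowerShell command line",
    "id": "c0ffee00-0000-4000-8000-000000000001",
    "level": "high",
    "tags": ["attack.execution", "attack.t1059.001"],
    "logsource": {"product": "windows", "category": "process_creation"},
    "detection": {
        "selection": {
            "Image|endswith": "\\powershell.exe",
            "CommandLine|contains": ["-enc ", "-encodedcommand"],  # list = OR
        },
        "filter": {"ParentImage|endswith": "\\agent.exe"},  # assumed benign agent
        "condition": "selection and not filter",
    },
}
# Same rule with two defects a review gate must catch: an upper-case
# technique tag and a typo in the condition.
BAD_RULE = dict(RULE, tags=["attack.execution", "attack.T1059.001"],
                detection=dict(RULE["detection"], condition="selection and not filtr"))

# Constructed sample events (not real telemetry).
EVENTS = [
    {"id": 1, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4A",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"id": 2, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"powershell.exe -File C:\scripts\backup.ps1",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"id": 3, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -EncodedCommand ZQBjAGgAbwA=",
     "ParentImage": r"C:\Program Files\Monitoring\agent.exe"},  # dropped by filter
    {"id": 4, "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": "notepad.exe -enc notes.txt", "ParentImage": r"C:\Windows\explorer.exe"},
]


def validate_rule(rule):
    """Return the list of problems; an empty list means the rule is accepted."""
    errors = [f"missing required field: {k}" for k in
              ("title", "id", "logsource", "detection", "level", "tags") if k not in rule]
    if rule.get("level") not in LEVELS:
        errors.append(f"invalid level: {rule.get('level')!r}")
    tags = rule.get("tags", [])
    if not any(TECHNIQUE_TAG.fullmatch(t) for t in tags):
        errors.append("no ATT&CK technique tag (attack.tNNNN[.NNN])")
    errors += [f"malformed tag: {t}" for t in tags if not ANY_TAG.fullmatch(t)]
    detection = rule.get("detection", {})
    if "condition" not in detection:
        errors.append("detection has no condition")
    else:
        known = (set(detection) - {"condition"}) | {"and", "or", "not"}
        errors += [f"unknown selection in condition: {t}" for t in
                   re.findall(r"\w+", detection["condition"]) if t not in known]
    return errors


def _match_value(actual, modifier, expected):
    """Case-insensitive string comparison, as Sigma does for plain strings."""
    if actual is None:
        return False
    a, e = str(actual).lower(), str(expected).lower()
    ops = {None: a == e, "contains": e in a, "startswith": a.startswith(e), "endswith": a.endswith(e)}
    if modifier not in ops:
        raise ValueError(f"unsupported modifier: {modifier}")
    return ops[modifier]


def match_selection(selection, event):
    """Every field spec must match (AND); a list of values is an OR."""
    for spec, expected in selection.items():
        field, _, modifier = spec.partition("|")
        values = expected if isinstance(expected, list) else [expected]
        if not any(_match_value(event.get(field), modifier or None, v) for v in values):
            return False
    return True


def evaluate_condition(condition, results):
    """Evaluate 'a and not (b or c)' style conditions without eval(): the text is
    parsed with ast and only and/or/not and selection names are accepted."""
    def walk(node):
        if isinstance(node, ast.BoolOp):
            combine = all if isinstance(node.op, ast.And) else any
            return combine(walk(v) for v in node.values)
        if isinstance(node, ast.UnaryOp) and isinstance(node.op, ast.Not):
            return not walk(node.operand)
        if isinstance(node, ast.Name):
            return results[node.id]
        raise ValueError(f"unsupported syntax in condition: {type(node).__name__}")
    return walk(ast.parse(condition, mode="eval").body)


def run_rule(rule, events):
    """Validate first, then return the ids of the events the rule fires on."""
    errors = validate_rule(rule)
    if errors:
        raise ValueError("rule rejected: " + "; ".join(errors))
    detection = rule["detection"]
    selections = {k: v for k, v in detection.items() if k != "condition"}
    return [ev["id"] for ev in events
            if evaluate_condition(detection["condition"],
                                  {n: match_selection(s, ev) for n, s in selections.items()})]


if __name__ == "__main__":
    print("hits:", run_rule(RULE, EVENTS))          # hits: [1]
    print("rejected:", validate_rule(BAD_RULE))
```

The gate rejects the bad rule for three reasons (no lower-case technique tag, a malformed tag, and a condition that references a selection that does not exist) before it can ever reach customers, which is the point of reviewing content before it enters a master repository; the good rule fires only on event 1, since event 3 is excluded by the filter and event 4 is not PowerShell. Sigma's "1 of them" / "all of them" shorthands are deliberately not supported here.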

Security Senior Analyst

Accenture Services Pvt. Ltd
02.2016 - 07.2016
  • Worked as a Security Senior Analyst responsible for handling cyber threats and malware infections in the infrastructure, time-bound monitoring of the SIEM solution to detect unusual network behaviour, and isolating infected hosts for containment and remediation
  • Triage collection from malware-infected hosts using Mandiant platforms, performing malware analysis and reverse engineering the executables to identify Indicators of Compromise (IOCs)
  • Monitored devices/log sources: Palo Alto Panorama, LogPoint (SIEM), Palo Alto WildFire, Trend Micro, Snow License Manager, SolarWinds

Senior Security Engineer/Team Lead

HCL Technologies
03.2014 - 02.2016
  • Worked as Senior Security Engineer/Team Lead, responsible for implementing, managing and administering SIEM tools such as RSA enVision (ver. 4.1) and RSA Security Analytics (both SA for Logs and SA for Packets, ver. 10.3 - 10.5), as well as FireEye HX, AX and HX DMZ, RSA ECAT, Cisco FireAMP and Nessus
  • Roles and responsibilities included: maintenance and health monitoring of RSA Security Analytics and RSA enVision
  • Installing OS patches, installing and renewing web SSL certificates for the UIs
  • Implementing, deploying and configuring SARE, Concentrator, Decoder, ESA, Archiver and Malware Analysis servers
  • Deployment of VLC (SA) across the globe
  • User creation/modification/deletion on SIEM tools
  • Creation and fine-tuning of rules, reports, charts and ESA rules
  • Continuous monitoring of dashboards for log volumes, outages, devices down, etc.
  • Device integration, troubleshooting and follow-up with integration teams where support is required
  • Writing IOCs in HX for presence/execution of infections on the endpoint using threat intel
  • Deployment of RSA ECAT and analysis
  • Vulnerability assessment of internet-facing devices using Nessus
  • Event monitoring through threat feeds from RSA Live
  • Constantly checking for the latest threats and updating the watchlist with malicious domains and IPs
  • Incident response using the Redline tool
  • Coordinating with the external audit team for annual VA/PT (application and infrastructure penetration testing)
  • Installed and managed the VMware infrastructure for the SIRT team (VLC, lab, etc.)
  • Handling P1 incidents and forensic analysis as an IR team member
  • Leading the L1 team and supporting on-call if required
  • Writing parsers for SA for Logs using Event Source Integration (ESI)
  • Supporting the L2 team with clarifications regarding incidents
  • Working on the implementation of CIF (Collective Intelligence Framework)
  • Go-to person for any support
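The adversary-infrastructure hunting that feeds customer advisories in the Securonix roles, the threat intel program at Envestnet, and the HX IOC and watchlist work in this role all reduce to one operation: take published indicators, normalise them, and sweep them across the telemetry. The following is an added example for this page, not code from Securonix, FireEye HX, RSA or the résumé's author. The indicators, the key=value log format and the log lines are constructed assumptions, and the only defanging conventions handled are the common hxxp and [.] forms.

```python
"""IOC sweep: refang indicators from an advisory, build a watchlist, and
sweep proxy and DNS log lines for them. Added illustration, not the
Securonix, FireEye HX or RSA workflow; indicators and logs are constructed."""
import ipaddress
import re

# Constructed advisory indicators, defanged the way they are usually published.
ADVISORY_IOCS = [
    "hxxps://update[.]cdn-metrics[.]net/check.php",
    "cdn-metrics[.]net",
    "198[.]51[.]100[.]23",
    "203.0.113.0/24",
]

# Constructed log lines: proxy records (url=...) and DNS resolver records (qname=...).
LOGS = [
    'src=10.1.4.22 dst=198.51.100.23 url="https://update.cdn-metrics.net/check.php" action=allow',
    'src=10.1.4.30 dst=93.184.216.34 url="https://www.example.com/" action=allow',
    'src=10.1.7.9 qname=beacon.cdn-metrics.net. qtype=A rcode=NOERROR',
    'src=10.1.7.9 qname=cdn-metrics.net.evil-lookalike.com. qtype=A rcode=NOERROR',
    'src=10.1.2.2 dst=203.0.113.77 action=deny',
]


def refang(ioc):
    """Undo the common defanging forms so indicators compare with raw logs."""
    ioc = ioc.strip().lower()
    ioc = re.sub(r"^hxxp(s?)://", r"http\1://", ioc)
    return ioc.replace("[.]", ".").replace("(.)", ".").replace("[:]", ":")


def _host_of(url):
    """Hostname part of a URL, without scheme, port or path."""
    return url.split("://", 1)[1].split("/", 1)[0].split(":", 1)[0]


def build_watchlist(iocs):
    """Sort indicators into domains, IP networks (a bare IP becomes a /32) and URLs."""
    domains, networks, urls = set(), [], set()
    for raw in iocs:
        ioc = refang(raw)
        if "://" in ioc:
            urls.add(ioc)
            domains.add(_host_of(ioc))  # the URL's host is an indicator in its own right
            continue
        try:
            networks.append(ipaddress.ip_network(ioc, strict=False))
        except ValueError:
            domains.add(ioc.rstrip("."))
    return {"domains": domains, "networks": networks, "urls": urls}


def domain_matches(name, domains):
    """Exact or subdomain match only: beacon.example.net matches example.net,
    but example.net.lookalike.com does not (a plain substring check would)."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in domains)


def ip_matches(ip, networks):
    """True when the address falls inside any watchlisted network."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in networks)


def sweep(lines, watchlist):
    """Return (line index, sorted reasons) for every line that touches an indicator."""
    hits = []
    for idx, line in enumerate(lines):
        fields = {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}
        reasons = set()
        url = fields.get("url", "").lower()
        if url and any(url.startswith(u) for u in watchlist["urls"]):
            reasons.add("url")
        for name in (_host_of(url) if "://" in url else "", fields.get("qname", "")):
            if name and domain_matches(name, watchlist["domains"]):
                reasons.add("domain")
        for ip in (fields.get("src", ""), fields.get("dst", "")):
            if ip and ip_matches(ip, watchlist["networks"]):
                reasons.add("ip")
        if reasons:
            hits.append((idx, sorted(reasons)))
    return hits


if __name__ == "__main__":
    for idx, reasons in sweep(LOGS, build_watchlist(ADVISORY_IOCS)):
        print(idx, reasons, LOGS[idx])
```

Lines 0, 2 and 4 are flagged; line 3 is the case worth noticing, since `cdn-metrics.net.evil-lookalike.com` contains the watchlisted domain as a substring but is not a subdomain of it, so a naive `in` check would have produced a false positive that the label-boundary match avoids.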

Security Engineer

HCL Technologies
03.2011 - 03.2014
  • Worked as a Security Engineer responsible for managing and administering Cisco ASA, Check Point R65, R71.20, R77.40, Websense WCG, McAfee EEPC, RSA SecurID, McAfee Vulnerability Manager and the RSA enVision SIEM, and also for log monitoring of the devices below through RSA enVision
  • Monitored and analysed logs from various devices such as firewalls (Cisco ASA, Check Point, NetScreen)
  • Raised tickets and incidents with the respective teams in case of any suspicious activity such as network attacks, DoS attacks, etc.
  • Maintenance and updating of RSA enVision
  • Installed OS patches, VAM updates and ESUs as released by RSA
  • Provided operational and incident-related reports to upper management
  • Created new rules and reports and made other configuration changes
  • Health and performance reporting specific to the SIEM solution
  • Regular changes and operations on Cisco ASA and Check Point firewalls
  • Experience with McAfee EEPC
  • Provided RSA SecurID software tokens and troubleshot any issues
  • Created users in the Check Point firewall for VPN access
  • Handled vulnerability assessment of internal security, network and internet-hosted devices through McAfee Vulnerability Manager and followed it to closure on a quarterly basis
  • Penetration testing of applications and DMZ-hosted devices on an ad-hoc basis, and quarterly for HVAs, using Core Impact Pro
  • Coordinated on technical issues and participated in problem management activities

Education

MS - Cyber Law And Security

National Law University
Jodhpur
01.2013

B.E - Computer Science And Engineering

Hindustan College of Engineering
Chennai

Skills

  • Network Security
  • Penetration Testing
  • Incident Response
  • Detection Engineering
  • Data Engineering
  • Threat Intelligence
  • Threat Research
  • RSA enVision
  • SA for Logs/Packets
  • RSA ECAT
  • FireEye HX/AX/HX DMZ
  • FireAMP
  • EnCase
  • FTK
  • Redline
  • Securonix/Snypr

Certification

  • MCRTP (Microsoft Certified Red Team Professional)
  • Certified Red Team Professional(Pentester Academy)
  • Certified Red Team Specialist (Cyberwarfare Labs)
  • CPIA (Certified Process Injection Analyst)
  • EvilGinx Mastery
  • MITRE Adversary Emulation Certified
  • Advanced Cyber Threat Intelligence Analyst (Arcx)
  • Adversary Infrastructure Hunter (Intel-ops)
  • MITRE Purple Team Certified
  • MITRE Threat Hunting and Detection Engineering Certified
  • ACE (AccessData)
  • Certified Hi-Tech Forensics Investigator
  • Incident Response and Advanced Forensics
  • OSForensics Triage
  • MVM (McAfee)
  • Nessus Certified Professional
  • Drone Wi-Fi Hacking (Hijacker)

Hobbies and Interests

  • Listening to songs (any genre)
  • Long drives
  • Travelling
  • Pwnedlabs

Training

  • RSA Security Analytics Administration
  • Mandiant In-House IR
  • Core-Impact Pro
  • Advanced Cyber Threat Intelligence
  • Incident Response
  • Threat Modeling
  • Software Product Management

Personal Information

  • Father's Name: Mr. Narasimhan
  • Date of Birth: 12/08/88
  • Marital Status: Married

Accomplishments

  • Awarded “Operations Champion” for the Maximum number of Incidents closed and also Customer Satisfaction during the Security Operations at HCL Technologies.
  • Awarded “Spot Award” for Restoration of RSA Envision back after a NAS Failure and Restoration of RSA A-serv/LC. And also for the Implementation of RSA Security Analytics for Logs & Packets at HCL Technologies.
  • Won Special Prize in “MADJAM Ideapreneur” for Security Analytics held across HCL Globally.
  • Awarded Customer Success R & R for Delivery of contents and Threat Review/Monitoring in Securonix.
  • Detection Engineer of the Year Award” Global 2018 at Securonix.
  • Best Content Developer of the Year Award” Global 2019 at Securonix.
