Romal Shah
About
Senior Information Security Consultant
Gujarat, India
Experienced professional with 11+ years of experience as an IT security professional in IT infrastructure, SOC, information security, and cyber security. Experience on a Cyber Incident Response Team (CIRT), Computer Emergency Response Team (CERT), Computer Security Incident Response Center (CSIRC), and Security Operations Center (SOC). Strong experience collaborating with the security team to enable event forwarding on all domain controllers for centralized security log consolidation into Exabeam, and in implementing Security Information and Event Management (SIEM) systems using HP ArcSight, Splunk ES, Exabeam UBA, and UEBA. Proficient in monitoring and analyzing logs, phishing cases, and incident response operations utilizing cutting-edge SIEM, Splunk, SOAR, EDR, cloud (GCP, AWS), and OSINT tools in a SOC environment. Expertise in managing and configuring Active Directory (AD) environments, ensuring the integrity and security of user identity and access management systems. Hands-on experience with Azure Sentinel and KQL to drive continuous improvement in security operations. Proficient in leading incident triage calls, utilizing a methodical approach to problem identification, monitoring, problem-solving, and resolution. Experience in creating custom security playbooks and automation workflows within Microsoft Sentinel to streamline incident response processes. Experience providing SIEM, security analytics platform, and log management tools, including Splunk, Azure Sentinel, and IDS/IPS, and guiding the SOC team with forensic and malware analysis, virus exploitation, and mitigation techniques. Proven expertise in Active Directory (AD) restructuring, including auditing, cleanup, and implementation of secure, scalable group and access control policies. Strong cybersecurity leadership background, with hands-on experience in incident response, threat mitigation, and compliance with NIST, ISO 27001, HIPAA, and other regulatory frameworks.
Skilled in designing and executing secure network architectures, integrating endpoint protection, firewalls, VPNs, and identity and access management solutions. Deep understanding of security risk assessment and governance, with experience guiding internal and external audits and implementing corrective action plans. Experience using the ThreatConnect tool for security analyst operations and the SOAR tool; monitors, maintains, and troubleshoots the ThreatConnect platform architecture. Compliance: experienced with multiple SIEM technologies (ArcSight, Splunk, QRadar, DLP, LogRhythm) and EDR solutions (Carbon Black). Expert-level understanding of QRadar implementation, its integration with other network devices and applications, and the associated troubleshooting work. Expert understanding of developing complex use cases and Universal Device Support Modules on the QRadar SIEM. Integration of different devices, applications, databases, and operating systems with QRadar SIEM. Knowledge of cleaning up auto-discovered log sources in QRadar by identifying duplicates, correcting misidentified log sources, and identifying log sources from their logs. Experience with network and log forensic analysis, malware triage analysis, and disk and memory forensics on macOS or Linux. Extensive experience in implementing and configuring Azure Defender for cloud security. Configuring Defender threat management and security solutions for customers. Hands-on, advanced experience architecting, engineering, and managing cloud solutions on AWS, Google, and Azure clouds and the Microsoft AI Platform. Recognized areas of improvement for CSOC visibility, incident management, and threat hunting use cases. Strong understanding of SIEM and SOAR systems. Expertise in incident response, data analytics, and cybersecurity operations. Strong knowledge of Simplify SOAR and SOAR automation use cases, SIEM platform, UEBA and SOAR platform, Phantom SOAR, and the ELK stack.
Experienced in using ticketing systems such as IBM SOAR (Resilient) and Jira for investigation tracking, threat response, and incident reporting. Experience in implementing Security Information and Event Management (SIEM) systems using HP ArcSight, Splunk ES, Exabeam UBA, and UEBA. Strong understanding of malware analysis, data recovery, information security assurance, network forensics, hacking techniques, and digital forensics. Azure engineer on Microsoft Sentinel: configure incident rules, data connectors, workbooks, and playbooks. Created documentation for team members on KQL best practices, enhancing overall team proficiency in query development. Active threat hunter and curator of threat intelligence reports using OSINT and SOCMINT, passionate about defeating evil on the internet. Emphasis on monitoring and threat intelligence using various NGFW/UTM features (IDS/IPS), ProtectWise threat hunter (cyber kill chain), and Nagios agent monitoring. Expertise in Active Directory design and support (Group Policy Objects (GPO), Active Directory (AD) schema, organizational units (OU), LDAP, sites, replication, etc.). Experience with network monitoring using SIEM, CrowdStrike, and Wireshark, and with information security and network security configuration and functions. Configured and monitored Azure Sentinel (SIEM, security information and event management tool). Knowledge and experience in standard security and regulatory frameworks including ISO 27001/31000, NIST 800-71, HITRUST CSF, and PCI DSS. Reviewed and revised client privacy and security policies to ensure they comply with HIPAA standards. Performed reviews of information flow control to validate that adequate security controls are in place to meet HITRUST CSF and NIST 800-54 guidelines. Using network monitoring and IDS tools such as Wireshark and Snort. Configuration and maintenance of SIM/SIEM tools (QRadar, Splunk), and industry experience with SOC and 24/7 operations.