Swapnil Chavan

Experience and enthusiastic Consultant in Threat Detection and Incident Response with overall nine years of experience in Cyber Security Incident Response (CSIRT), Cyber Investigations, Threat Hunting, Network security, Information security, SIEM, SOC (Security Operation Centre).

A confident, result-oriented, trustworthy, hardworking, passionate professional with excellent time management skills, analytical knowledge, and a positive attitude seeking a challenging opportunity and growth in the field of cyber security.

• Conduct proactive threat hunting and analysis to identify emerging cyber threats, track threat actor TTPs, and assess the impact of ongoing campaigns using frameworks like MITRE ATT&CK.
• Produce timely and actionable threat intelligence reports, including technical assessments, risk summaries, and recommendations for threat mitigation strategies.
• Utilize threat intelligence platforms like SIEM (Hunters) and EDR solutions to detect, analyze, and respond to security incidents.
• Collaborate with internal stakeholders (SOC, IR, vulnerability management) to integrate threat intelligence into operational workflows and improve detection capabilities
• Participate in the testing, evaluation, and integration of new security monitoring tools, contributing to the enhancement of detection, analysis, and response capabilities.
• Incident Handling Identifying Artifacts, Investigating Incidents, Remediation, Incident Documentation, and Incident Closure.
• Configuration and managing Microsoft 365 Defender, Crowd Strike alert fine tuning, Handles escalated incidents and conducts investigations using various devices such as Splunk, Microsoft 365 Defender, Palo alto Firewall, CrowdStrike, Proofpoint, etc.
• Proactive security incident monitoring, investigation, and mitigation, Conduct static and dynamic malware analysis on an isolated system.
• Investigate malicious phishing emails, domains, and IP addresses and recommend appropriate action based on the findings.
• Proactive threat chasing and hunting events, particularly those that do not trigger alerts., Draft remediation guidance and implement Information assurance best practices to restore affected system. Assisting and advising first-level security analysts.
• Experience in handling multiple attacks like Ransomware, Phishing, compromised user and server and taking action based on IR playbook.
• Review and audit of security incidents to enhance quality and improvement.
• Working on Proofpoint TAP and TRAP to investigate phishing and spam emails.
• Configuration and maintenance knowledge of Checkpoint, Palo Alto, FortiGate firewalls, load balancer, Proxy servers.