➤ Leading and mentoring a cloud security team, overseeing daily operations, task assignments, and performance optimization.
➤ Driving cloud security initiatives, ensuring compliance with industry standards and best practices.
➤ Managing end-to-end cloud project onboarding with a focus on security, including infrastructure, application logs, and network security integrations (WAF, Firewall, ATP).
➤ Successfully implemented, migrated, and currently managing Securonix SIEM, handling an event processing rate of 25K EPS for enhanced threat detection and response.
➤ Collaborating with cross-functional teams to implement cloud security best practices and drive continuous improvement.
➤ Managing cloud migrations, security configurations, and architecture reviews to ensure compliance and risk mitigation.
➤ Extensive experience in the administration, integration, and management of Cloud SIEM and Managed Detection & Response (MDR) for a UAE Government Bank, ensuring robust cybersecurity operations.
➤ Successfully implemented and integrated multiple AWS services with Splunk Cloud, enhancing security monitoring, threat detection, and analytics capabilities.
➤ Proficient in managing AWS cloud security accounts, ensuring compliance, proactive threat mitigation, and risk management.
➤ Skilled in overseeing multiple AWS cloud-based projects, including security assessments, deployment, and continuous optimization.
➤ Expertise in managing Cisco Stealthwatch Network Behavior Analytics (NBA) and Cisco ISE-PIC to enhance network visibility, detect threats, and enforce identity-based security policies.
➤ Key contributor to the migration of approximately 200K integrated devices from RSA to Splunk, encompassing diverse network, Linux, and Windows environments, with real-time troubleshooting expertise.
➤ Developed and optimized log parsers and regular expressions (regex) for efficient processing of application and network device logs.
➤ Proficient in managing correlation rules, generating reports, and creating dashboards on an ad-hoc basis to enhance security visibility and incident response.
➤ Experienced in administering the EMC Networker backup process, including configuring target pools, defining backup policies and groups, and managing tape replacements as needed.
➤ Successfully completed Splunk Power User and Administrator certifications (Version 8.X), demonstrating expertise in Splunk management and security operations.
➤ Experienced in the administration and monitoring of the IBM QRadar SIEM platform, managing security data for 13 different clients and internal environments.
➤ Proficient in monitoring security offenses through the QRadar console and escalating incidents using the BMC ticketing system for swift resolution.
➤ Skilled in fine-tuning and optimizing approximately 250 security correlation rules within QRadar to enhance detection accuracy and reduce false positives.
➤ Expert in designing and delivering structured security reports for clients on a daily, weekly, and monthly basis.
➤ Experienced in the administration and maintenance of the Splunk platform, utilizing the deployment server to manage Splunk agents, rules, reports, and dashboards.
➤ Proficient in Splunk administration tasks, including system health checks, data retention planning, troubleshooting Splunk components, and integrating/troubleshooting security devices such as Fortinet Firewall/IPS, F5 WAF, Linux, and Windows environments.
➤ Skilled in generating and delivering comprehensive reports for clients on a daily, weekly, and monthly basis.
➤ Proficient in creating and managing vulnerability scanning policies and reports using Nessus Professional.
➤ Hands-on experience with F5 WAF, overseeing application-level traffic analysis and implementing/maintaining security policies to enhance protection.
➤ Proficient in managing Splunk Search Head operations, executing advanced queries on indexers, and overseeing incident handling and problem management through the ServiceNow (SNOW) platform.
➤ Experienced in coordinating with the Incident Response Team to ensure prompt mitigation of application-level attacks, operating system (OS) vulnerabilities, and network security incidents, while maintaining effective communication with clients.
➤ Skilled in analyzing, reporting, and investigating potential security incidents, collaborating with internal support teams to drive efficient resolution and enhance security posture.
Security Information and Event Management (SIEM)