Hemant Sawant
DOB: 21st Feb 1989
Passport No: J7757377
PAN No: DJSPS7803D
EXECUTIVE SUMMARY
Gained 10+ years of experience in the Information Security domain, including onsite
experience with Middle East clients in the Banking, Oil & Gas, University and Telecom
sectors.
Experience in SIEM implementation and in leading and managing SOC operations.
Present:
1. Working as Technical Architect - Security at NTT India.
(May 2020 – Present)
Past:
2. Worked as Manager - MDR Operations at Paladion Networks.
(March 2018 – May 2020)
3. Worked as Senior Consultant at Provise Management Consultancy, Abu Dhabi.
(Dec 2016 – March 2018)
4. Worked as Security Solution Delivery Engineer at Paladion Networks.
(June 2011 – Nov 2016)
5. Worked as Trainee Engineer - D-Tac at Smartlink Network Systems Ltd.
(Nov 2010 – March 2011)
CERTIFICATION:
• AZ-900 (Azure Fundamentals)
• HPO-A116 (ArcSight SIEM Certified Admin and Security Analyst)
• SPLK-1001 (Splunk Core Certified User)
• CEH v7
• CCNA Certification
• CCNA Security Certification
Additional training received: Websense Triton and Palo Alto Firewall.
EDUCATIONAL QUALIFICATION
Qualification | School / College | Year of Passing
BE (Information Technology) | Goa University | 2010
12th | Goa University | 2006
10th | CBSE Board | 2004
TECHNICAL EXPOSURE
• SIEM tools (ArcSight, Splunk, LogRhythm, RSA enVision)
• Integration of log sources (Network, Database, Antivirus and Operating System)
with SIEM
• Flex development: parser development and deployment (Syslog, DB, File Reader)
and integration with SIEM
• Understanding of security aspects
• Incident handling and management
• Vulnerability assessment using Nessus Security Center
STRENGTHS
Dedicated and highly motivated towards target achievement. Positive attitude,
friendliness and flexibility as a team player.
WORK EXPERIENCE WITH NTT LTD (May 2020 – May 2021)
Time Period: May 2020 – Present
Role: L4
Client: US Clients
Skills/Responsibilities:
• Perform SIEM POC / onboarding of new clients / gap assessment.
• Provide training to SOC members.
• Engage with NTT leadership management and provide inputs for the betterment
of the overall process.
• Engage in customer escalations / perform RCA.
• Ensure the team is updated with the latest threats/vulnerabilities and that
relevant use cases are available in SIEM to detect such scenarios.
WORK EXPERIENCE WITH PALADION NETWORKS (March 2018 – May 2020)
Time Period: March 2018 – May 2020
Role: Lead
Client: Banking Sector
Skills/Responsibilities:
• Level 3/4 escalation point for any incidents that are not reported by SOC
within the committed response time.
• Level 3/4 escalation point for any incidents that are not closed by the asset
owner within the committed response time.
• Review the corrective action plan created by SOC if an alert is missed.
• Ensure corrective action is taken for any SLA violations or alerts missed by
the SOC team.
• Review Daily Status Reports to ensure that SOC operations are going as desired.
• Review monthly MIS reports.
• Engage in discussions with the client to understand expectations and seek
feedback on SOC.
WORK EXPERIENCE WITH PROVISE MANAGEMENT CONSULTANCY (Dec 2016 – March 2018)
Time Period: Feb 2017
Role: Gap Assessment
Client: Banking Sector
Skills/Responsibilities:
• Studied the existing SIEM solution and its components and found the
loopholes/breaches in the existing SIEM architecture and log collection mechanism.
• Prepared a detailed gap assessment report from a people, process and technology
gap perspective.
Time Period: March 2017
Role: VA Scanning
Client: Entertainment Sector
Skills/Responsibilities:
• Scanning of workstations, operating systems and network devices.
• Prepared a report with appropriate recommendations for each vulnerability found.
Time Period: April – May 2017
Role: SIEM Implementation & SOC Operation
Client: Provise Internal SOC & Financial Sector SOC
Skills/Responsibilities:
• Installation and configuration of Splunk SIEM.
• Integrated event sources and defined logging levels as per security
perspective for event log collection and monitoring.
• Defining and creation of use cases (alerts, dashboards and reports).
• Preparing daily and weekly reports.
• Working on alerts and incidents.
Time Period: May 2017
Role: Social Engineering (Impersonation)
Client: Motorsports
Skills/Responsibilities:
• Dodged physical security by giving an expired insurance card.
• Roamed around the head office building without wearing the visitor card.
• Reached users from different departments and asked them for their laptops on
the pretext that I was from the helpdesk team and wanted to install a patch.
• Once they handed over the laptop without asking any questions, inserted a USB
and ran a batch file creating a folder on the desktop.
Time Period: June 2017 – March 2018
Role: SIEM Implementation & SOC Operation
Client: Motorsports
Skills/Responsibilities:
• Installation and configuration of Splunk SIEM.
• Integrated event sources and defined logging levels as per security
perspective for event log collection and monitoring.
• Defining and creation of use cases (alerts, dashboards and reports).
• Preparing daily and weekly reports.
• Working on alerts and incidents.
WORK EXPERIENCE WITH PALADION NETWORKS (June 2011 – Nov 2016)
Time Period: June 2011 – May 2012
Role: Security Operator
Client: Remote SOC - ME Banks
Skills/Responsibilities:
• Working on ArcSight in a 24x7 environment, offering log monitoring, security
information management, security device management and global threat monitoring.
• Analyse the logs in real time and raise alerts, thus helping the organization
detect and prevent security incidents arising from threats.
• Performing daily event monitoring and investigating incidents. Raise incident
calls based on the analysis of daily reports, real-time alerts and monitoring
dashboards.
• Create / analyse the incidents raised and review responses to improve use cases
or incident criteria so they can be managed efficiently by reducing false
positives.
Time Period: June 2012 – May 2013
Role: Security Analyst
Client: Onsite SOC - Telecom
Skills/Responsibilities:
• Identify custom reporting requirements, translate requirements into SIEM
technical specifications and implement changes.
• In addition, also had access to Websense Triton and Symantec mail gateway.
Time Period: June 2013 – Nov 2016
Role: SIEM Implementation
Client: Middle East Onsite (Saudi Arabia, Jordan, UAE and Oman)
Skills/Responsibilities:
• Installation and configuration of LogRhythm SIEM and ArcSight SIEM components
(ArcSight ESM and Express), ArcSight Logger, ArcSight Connector Appliance and
agents.
• Selecting event sources and defining logging levels as per security
perspective for event log collection and monitoring.
• Upgrading SIEM components (ArcSight and LogRhythm).
• Troubleshooting issues in log collection or with ArcSight SIEM components.
• ArcSight Flex development: parser development and deployment (Syslog, DB,
File Reader).
• Defining use cases and creating custom correlation rules and alerts as per the
organization's network architecture.
WORK EXPERIENCE WITH SMARTLINK NETWORK SYSTEMS LTD (Nov 2010 – March 2011)
Time Period: Nov 2010 – March 2011
Role: Trainee Engineer
Client: US & Canada Customer Support
Skills/Responsibilities:
• Testing of D-Link SOHO segment networking devices like routers, modems,
wireless LAN and switches, and print servers.
• Technical product support to D-Link clients on all D-Link retail segment
products.
ADDITIONAL:
• Conducted 5 days of lab-based ArcSight SIEM training for ME clients, and for a
few customers conducted WebEx sessions on ArcSight SIEM.
• Conducted POCs at a few customer sites, showcasing the use cases and benefits
of SIEM.
PERSONAL INFORMATION
Date of Birth: 21st Feb 1989
Sex: Male
Marital Status: Married
Nationality: Indian
Linguistic Proficiency: English, Hindi, Konkani.
Hobbies: Playing Cricket and listening to Music.
Permanent Address: House No 77 F, HANS, AquemBaixo, Margao,
Goa-403707
DECLARATION
I hereby declare that all the information furnished above is true to the best of
my knowledge.