Aditya Boddu

Sr Security Engineer

Hyderabad · 8+ years experience

About

Sr Security Engineer with around 9 years of progressive experience in cybersecurity. Proven expertise in assessing business systems to identify risks, address compliance issues, and implement effective, long-term security solutions that strengthen protection and operational resilience.

Skills & Expertise (24)

Skill                            Level          Rating    Years Exp
Azure Sentinel                   Advanced       9.0/10    5
Microsoft Defender ATP           Advanced       9.0/10    5
CrowdStrike Falcon               Advanced       8.5/10    3
Azure Active Directory           Advanced       8.5/10    5
KQL                              Advanced       8.5/10    4
Azure Logic Apps                 Advanced       8.5/10    4
Endpoint security engineer       Advanced       8.5/10    5
Splunk                           Advanced       8.2/10    4
Privileged Access Management     Advanced       8.0/10    4
Azure MFA                        Advanced       8.0/10    4
MITRE ATT&CK                     Advanced       8.0/10    4
Privileged Identity Management   Advanced       8.0/10    4
Office 365                       Advanced       8.0/10    5
MS Purview                       Advanced       8.0/10    3
NIST                             Intermediate   7.5/10    4
AWS                              Intermediate   7.5/10    4

Also listed: Azure Entra ID, Defender, ServiceNow, DLP, CASB, Microsoft Purview, Recorded Future, Windows Server Management

Work Experience

Sr Security Engineer

Turvo India Pvt ltd

Mar 2026 - Present

- Integrated Microsoft Defender for Endpoint with the Azure cloud security ecosystem to enable centralised endpoint visibility, threat detection, automated investigation, and incident response across enterprise environments.
- Implemented role-based access control (RBAC) within the Azure and Defender portals to segregate responsibilities between SOC analysts, cloud administrators, and incident responders.
- Configured Azure Log Analytics workspace integration for centralised ingestion of endpoint alerts, security events, device inventory, and behavioural telemetry from Defender for Endpoint.
- Configured the CrowdStrike Falcon data connector in Sentinel to ingest detection events, incident alerts, audit logs, and endpoint telemetry into the Log Analytics workspace.
- Configured automated response playbooks using Azure Logic Apps to isolate compromised endpoints, block malicious IP addresses, trigger email notifications, and create ServiceNow/JIRA tickets.
- Integrated CrowdStrike incidents with Sentinel incident management workflows for centralised SOC monitoring and investigation.
- Tuned Sentinel analytics rules and CrowdStrike detections to reduce false positives, improve SOC alert quality, and improve operational efficiency.
- Integrated Defender for Endpoint telemetry with Microsoft Sentinel for centralised alert correlation, incident creation, automated enrichment, and advanced threat-hunting workflows.

Security Engineer

DSV Global Business Services (DB Schenker)

Aug 2023 - Feb 2026

- Added and deployed the client onboarding configuration file via Configuration Manager, using it to monitor deployment status and Microsoft Defender ATP agent health.
- Installed, configured, and managed Rapid7 Insight Agents across Windows and Linux endpoints to enable continuous vulnerability assessment.
- Configured and managed scheduled vulnerability scans in Rapid7 InsightVM, including scan templates, scan engines, asset groups, and scan frequencies.
- Performed authenticated and unauthenticated scans to identify system, application, and network vulnerabilities with accurate risk scoring.
- Integrated Microsoft Purview with security tools such as Microsoft Sentinel to improve threat detection, incident response, and compliance visibility.
- Created playbooks, notebooks, runbooks, and automation roles in Azure Sentinel.
- Performed host isolation and advanced threat analysis using EDR and Microsoft Defender ATP.
- Configured Data Loss Prevention (DLP) policies in Microsoft Purview to monitor, detect, and prevent unauthorised data sharing across Exchange, SharePoint, OneDrive, and Teams.
- Managed weekend support operations for a team of 5+ security analysts in India, ensuring 24/7 coverage for global SOC functions and incident response.
- Led the onboarding and training of new weekend analysts, focusing on Defender telemetry, KQL queries, and threat-hunting best practices.
- Integrated Defender for Endpoint with Microsoft Sentinel to centralise alert management and automate remediation workflows.
- Collaborated with IT support to troubleshoot onboarding errors, including connectivity issues with Microsoft Defender Security Center and missing telemetry data.
- Monitored Defender for Endpoint alerts and ensured weekend analysts followed the proper investigation and containment workflows.
- Developed custom attack surface reduction (ASR) rules and endpoint detection and response (EDR) policies to proactively block ransomware, phishing attempts, and other threats.
- Developed custom KQL analytics rules and scheduled queries to detect anomalous behaviour, privilege escalation, and lateral movement across hybrid environments.
- Managed endpoint agents on Windows and Linux operating systems, Active Directory integrations, and Windows Event Logs.
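
The KQL detection work listed above (anomalous behaviour, privilege escalation, lateral movement across hybrid environments) can be illustrated with a single advanced-hunting query that flags an account fanning out over the network to many hosts. This is an editor-added example, not a query from this profile or from any employer named on it. It uses the DeviceLogonEvents table from the Defender for Endpoint advanced-hunting schema; the one-hour lookback, the five-host threshold and the excluded service-account names are assumed values to be tuned for a given environment.

```kql
// Lateral-movement fan-out: one account performing successful network or
// remote-interactive logons to many distinct hosts within a short window.
// Editor-added example. Table and column names follow the Defender for
// Endpoint advanced-hunting schema; lookback, threshold and the exclusion
// list below are assumptions to tune per environment.
let lookback = 1h;
let hostThreshold = 5;
// Accounts known to fan out legitimately (assumed names: vulnerability
// scanner and backup service accounts). Tuning this list is how the
// false-positive rate of the rule is controlled.
let knownScanners = dynamic(["svc-vulnscan", "svc-backup"]);
DeviceLogonEvents
| where Timestamp > ago(lookback)
| where ActionType == "LogonSuccess"
| where LogonType in ("Network", "RemoteInteractive")
| where isnotempty(RemoteIP)
| where not(AccountName in~ (knownScanners))
| summarize DistinctHosts = dcount(DeviceName),
            Hosts = make_set(DeviceName, 20),
            SourceIPs = make_set(RemoteIP, 10),
            FirstSeen = min(Timestamp),
            LastSeen = max(Timestamp)
    by AccountDomain, AccountName
| where DistinctHosts >= hostThreshold
| project AccountName, AccountDomain, DistinctHosts, FirstSeen, LastSeen, Hosts, SourceIPs
| order by DistinctHosts desc
```

Run as a scheduled analytics rule with a one-hour frequency and lookback, the query yields one row per account that crossed the threshold; mapping AccountName and SourceIPs to the Account and IP entities lets Sentinel group repeats into a single incident rather than re-alerting every hour.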

Security Analyst

Cognizant Technology Solutions

Dec 2021 - Sep 2023

- Created conditional access policies in Azure Entra ID and managed RBAC roles in Azure Sentinel.
- Managed Defender firewall policies, device exceptions, and other security rules via the Defender/Intune portal, including file blocking, virus definition reporting, and endpoint reporting.
- Implemented Privileged Identity Management (PIM) and Privileged Access Management (PAM) controls integrated with Azure Sentinel, including role-based access enforcement, privileged role activation monitoring, alerting, and security incident response, to ensure compliance and reduce privileged access risk.
- Triaged Defender alerts, performed root cause analysis, and produced incident reports for executive stakeholders.
- Built and maintained incident response playbooks using Azure Logic Apps, automating alert triage, ticket creation, and email notifications.
- Conducted root cause analysis on recurring agent failures, leading to policy adjustments and improved endpoint readiness across multiple business units.
- Implemented playbooks in Azure Sentinel using Logic Apps with predefined workflows.
- Built use cases around the NIST and MITRE ATT&CK frameworks to enable detection at various stages of a cyber attack.
- Monitored, responded to, and analysed trends in workstation, server, and security-related events.
- Performed daily, weekly, and monthly scheduled tasks for Defender ATP.
- Wrote correlation rules in KQL and SPL.
- Good knowledge and working experience in central logging, log management, and Splunk SIEM architecture.
- Created policies and whitelisted/blacklisted applications using MS Cloud App Security.
- Analysed phishing emails, user-reported emails, and malware emails using Office 365 and Defender verdicts.
- Investigated malicious phishing emails, domains, and IPs using open-source tools and recommended appropriate blocking based on the analysis.
- Handled and mitigated attacks involving malware, viruses, spoofing, phishing, and spam, and performed email monitoring.
- Analysed phishing emails reported by users to identify the type of attack and take immediate remediation.
- Maintained accurate records of incidents, investigations, and security-related activities within the incident management platform.
- Created runbooks, SOPs, and documentation supporting security operations.
- Implemented Automated Investigation and Remediation (AIR) policies.
- Acted on advisories, identified IOCs, recognised threat actors using MITRE ATT&CK, and coordinated with the responsible teams to block the IOCs.
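
The privileged role activation monitoring described above can be expressed as a Sentinel analytics query over the Entra ID audit log. This is an editor-added illustration, not a query from this profile. It reads the AuditLogs table as exported to Log Analytics and relies on the "PIM activation" wording Entra ID uses in OperationName for PIM events. The list of roles to watch, the one-day lookback, the activation-count threshold, and the assumption that the TargetResources element of type "Role" carries the activated role's display name should all be verified against a tenant's own audit entries before the rule is enabled.

```kql
// Alert on completed PIM activations of highly privileged Entra ID roles,
// and on any account that activates unusually many roles in the window.
// Editor-added example; the role list, lookback and threshold are assumed.
let lookback = 1d;
let activationThreshold = 3;
let sensitiveRoles = dynamic([
    "Global Administrator",
    "Privileged Role Administrator",
    "Security Administrator",
    "Exchange Administrator"]);
AuditLogs
| where TimeGenerated > ago(lookback)
| where Category == "RoleManagement"
// e.g. "Add member to role completed (PIM activation)"
| where OperationName has "PIM activation" and OperationName has "completed"
| where Result == "success"
| extend Actor   = tostring(InitiatedBy.user.userPrincipalName),
         ActorIP = tostring(InitiatedBy.user.ipAddress)
| mv-expand TargetResources
// Assumption: the element of type "Role" names the role that was activated.
| where tostring(TargetResources.type) == "Role"
| extend RoleName = tostring(TargetResources.displayName)
| summarize Activations     = count(),
            Roles           = make_set(RoleName, 20),
            SourceIPs       = make_set(ActorIP, 10),
            FirstActivation = min(TimeGenerated),
            LastActivation  = max(TimeGenerated)
    by Actor
| extend SensitiveRoles = set_intersect(Roles, sensitiveRoles)
| extend SensitiveCount = array_length(SensitiveRoles)
| where SensitiveCount > 0 or Activations >= activationThreshold
| project Actor, Activations, SensitiveCount, SensitiveRoles, Roles, SourceIPs, FirstActivation, LastActivation
| order by SensitiveCount desc, Activations desc
```

Mapping Actor to the Account entity and SourceIPs to the IP entity lets the resulting incidents join the same Sentinel investigation graph as the Defender and CrowdStrike alerts, so an activation followed by suspicious endpoint activity from the same account is visible in one place.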

Security Analyst

Soma Enterprises LTD

Dec 2017 - Aug 2021

- Analysed device timeline logs and pulled reports using advanced hunting in KQL.
- Worked in a SOC environment with hands-on use of the Splunk SIEM, including log analysis, fine-tuning existing correlation rules to reduce false positives, and responding to incidents.
- Analysed, contained, and eradicated malicious activity detected from real-time alerts and manual threat hunts.
- Provided end-to-end support to enterprise counterparts, identifying root causes for sophisticated enterprise initiatives involving endpoint security solutions such as Microsoft Defender ATP.
- In-depth knowledge of web application and network attacks, and of the logs they generate, to properly investigate security incidents.
- Analysed phishing emails reported by users to identify the type of attack and take immediate remediation.
- Experience with system security concepts, tools, and implementation, including DLP and CASB, and their integration with various data sources and application stacks.
- Designed, created, and managed user roles and access controls, and developed and fine-tuned correlation rules in Splunk Enterprise Security to detect security threats, reduce false positives, and support effective security monitoring and incident response.
- Implemented data classification and labelling policies using sensitivity labels and auto-labelling to protect sensitive information and meet compliance requirements.
- Hands-on experience with Microsoft Purview for data governance, information protection, and compliance across Microsoft 365 and Azure environments.
- Splunk SIEM monitoring, including licence monitoring, indexer storage volume monitoring, daily health checks of Splunk applications, and event and incident monitoring.
- Refined and optimised analytics rules within the SIEM platform to reduce false-positive alerts and improve the accuracy and efficiency of threat detection.
- Examined suspicious emails for malicious content and recommended remediation actions using Office 365.
- Good understanding of Azure Active Directory, Azure MFA, and conditional access.

Education

B.Tech Mechanical - GVVIT College Of Engineering & Technology

2013 - 2017 · Afghanistan

Certifications

No certifications added yet

Profile Overview

Member since Jun 2026

Availability Details

Visa Status

Citizen

Relocation

Open to Relocation