About
To leverage my skills in cybersecurity and threat analysis to monitor, detect and mitigate security incidents in real time. Dedicated to safeguarding organizational assets by employing advanced tools and techniques, enhancing incident response strategies and contributing to a secure IT environment through proactive threat management and continuous learning.
Work Experience
Security Analyst Intern
Worldsec Technologies
October 2024 - May 2025
Working in a 24x7 Security Operations Center. Monitoring the customer network using Splunk SIEM. Acting as first-level support for all security issues. Analyzing real-time security incidents and determining whether each is a true positive or a false positive. Performing real-time monitoring, investigation, analysis, reporting and escalation of security events from multiple log sources. Raising true-positive incidents to the respective team for further action. Creating tickets in ServiceNow, assigning them to the respective team and following up until closure. Escalating security incidents based on the client's SLA and providing meaningful information about security incidents through in-depth analysis of event payloads, along with recommendations for mitigating them, which in turn keeps the customer's business safe and secure. Contacting customers directly for high-priority incidents and helping them mitigate the attacks. Working closely with business units to ensure they know what data to feed into the SIEM and how. Coordinating with networking teams to establish and maintain communication with remote ArcSight Connectors. Investigating malicious phishing emails, domains and IPs using open-source tools and recommending appropriate blocking based on the analysis. Good knowledge of Splunk distributed cluster architecture. Detailed knowledge of the working functionality of the various Splunk components, such as the indexer, search head, heavy forwarder and deployment server. Experience onboarding data sources such as Windows, Linux and Fortinet firewalls into Splunk. Installing Splunk apps and add-ons. Experience installing the Universal Forwarder on servers for log collection. Responsible for upgrading forwarders to newer versions. Troubleshooting whenever a device is not reporting to Splunk. Knowledge of creating dashboards and reports in Splunk.
Knowledge and experience creating correlation searches/rules in Splunk. Working experience searching and reporting in Splunk, with good SPL knowledge. Excellent hands-on experience with the CrowdStrike EDR module. Sound knowledge of handling detections. Good at performing searches and building reports and dashboards. Good at understanding sandboxing reports. Good at creating and managing policies. Good understanding of EDR and its operation. Investigated and resolved 100+ security incidents monthly using XSOAR, reducing mean time to respond by 25%. Enriched alerts with threat intelligence feeds (e.g. VirusTotal) in XSOAR, improving incident context and accuracy. Executed and monitored automated playbooks for malware containment, endpoint remediation and phishing analysis. Reduced incident response time by 30% through effective use of XSOAR playbooks and automation. Improved the efficiency of incident response by using XSOAR to automate containment and remediation steps. Improved the accuracy of incident investigation by leveraging XSOAR enrichment capabilities. Investigated and resolved malware outbreaks by executing XSOAR playbooks that contained affected systems and removed malicious files. Reduced the time spent on manual investigation by leveraging XSOAR automation capabilities. Executed playbooks to automate containment and remediation steps, reducing manual effort by X hours per week.
Visa Status: No Visa
Relocation: Open to Relocation