About
Experienced Security Analyst with around 4 years of experience in information security. Excellent hands-on experience in Splunk SIEM, EDR, endpoint security administration, and phishing email analysis.
Skills & Expertise (44)
Work Experience
Cyber Security Analyst
Nagarro
Mar 2022 - Present
Experienced as a Security Engineer with Microsoft ATP Defender, CrowdStrike Falcon, Office 365, Splunk SIEM, and QRadar.
Experience in data analytics, advanced data analytics, visualisation, advanced visualisation, dashboard customisation, and advanced dashboard customisation in Splunk.
Analyse phishing emails reported by users to identify the type of attack and take immediate remediation.
Hands-on experience in creating playbooks, notebooks, runbooks, and automation rules using Azure Sentinel.
Collaborated with IT support to troubleshoot onboarding errors, including connectivity issues with Microsoft Defender Security Centre and missing telemetry data.
Good experience with ticketing tools (ServiceNow, Jira).
Monitor, respond to, and analyse trends in workstation, server, and security-related events.
Perform daily, weekly, and monthly scheduled tasks for Defender ATP.
Experience with system security concepts, tools, and implementation, DLP, CASB, and integration with various data sources and application stacks.
Developed custom KQL analytics rules and scheduled queries to detect anomalous behaviour, privilege escalation, and lateral movement across hybrid environments.
Good hands-on experience integrating Defender for Endpoint with Microsoft Sentinel to centralise alert management and automate remediation workflows.
Created and fine-tuned use cases and custom detection rules using SPL and KQL in the Splunk and Defender portals.
Monitored Defender for Endpoint alerts and ensured weekend analysts followed proper investigation and containment workflows.
Led the onboarding and training of new weekend analysts, focusing on Defender telemetry, KQL queries, and threat hunting best practices.
Experience with host isolation and advanced threat analysis using EDR and Microsoft Defender ATP.
Conducted advanced threat hunting using Defender telemetry and KQL queries, identifying lateral movement, zero-day exploits, and other security threats.
Implemented playbooks using Azure Sentinel Logic Apps, following predefined workflows in Azure Sentinel.
Developed custom attack surface reduction (ASR) rules and endpoint detection and response (EDR) policies to proactively block ransomware, phishing attempts, and other threats.
Good knowledge of and working experience with central logging, log management, and Splunk SIEM architecture.
Hands-on experience analysing device timeline logs and pulling reports using advanced hunting in KQL.
Collaborated with IT teams to design and deploy robust network security architectures, enhancing overall protection.
Experience creating Log Analytics workspaces, conditional access policies, and detection rules using Defender 365 and Azure Sentinel.
Knowledge of email security threats and security controls, including experience analysing email headers.
Experience adding and deploying the client onboarding configuration file, and using Configuration Manager to monitor deployment status and Microsoft Defender ATP agent health.
Experienced in creating policies and allowlisting and blocklisting applications using MS Cloud App Security.
Configure and manage dashboards, notebooks, data connectors, and playbooks in Azure Sentinel; hunt security threats using Azure Sentinel.
Experience handling technical administration and troubleshooting activities related to the M365 Defender suite.
Conducted root cause analysis on recurring agent failures, leading to policy adjustments and improved endpoint readiness across multiple business units.
Experienced in triaging Defender alerts, performing root cause analysis, and generating incident reports for executive stakeholders.
Strong experience managing endpoint agents on Windows and Linux operating systems, Active Directory integrations, and Windows Event Logs.
Handle SPAM/phishing email submissions from end users and take containment steps by investigating the domains and IPs involved to recommend appropriate blocking, and create SPF, DKIM, and DMARC records for the domains to protect against spoofing.
Education
Bachelor of Science - Sri Y N college
- 2016 · Afghanistan
Certifications
No certifications added yet
Relocation
Open to Relocation