About
3.2 years of experience in Information Security, working as an Information Security Analyst in a 24/7 SOC (Security Operations Centre) environment at Capgemini. Hands-on experience in incident response, threat analysis, malware remediation, security monitoring and operations. Strong in log analysis, phishing email analysis, incident analysis, and alert triage and prioritization.
Work Experience
Information Security Analyst
Capgemini
Dec 2022 - Present
Monitor security incidents/offenses using a SIEM tool to analyze suspicious or malicious activity. Perform initial alert triage and prioritize incidents based on severity, impact and SLA requirements. Analyze real-time security incidents, including investigation, analysis, reporting and escalation of security events from multiple log sources such as firewalls, IDS/IPS, EDR and proxies. Investigate phishing emails, malicious URLs, suspicious attachments and user-reported security incidents. Escalate confirmed or high-severity incidents to L2/L3 teams following the incident response procedure and playbooks. Create tickets in the ticketing tool and update the trackers once an incident is closed. Experience performing log analysis, phishing email analysis, malware analysis and investigation of critical alerts on an immediate basis. Conduct IOC analysis and threat intelligence enrichment using open source intelligence (OSINT) tools such as VirusTotal, AbuseIPDB, IPVoid and WHOIS.COM to support incident response, threat detection and proactive security monitoring. Working knowledge of the TCP/IP model, OSI model and MITRE ATT&CK framework, correlating them with real-life scenarios; good communication and collaboration skills. Maintain a keen understanding of evolving internet threats to ensure the security of client networks. Investigate malicious phishing emails, domains and IPs using the Proofpoint TAP and TRAP dashboards and open-source tools, and recommend appropriate blocking based on the analysis. Monitor and investigate endpoint threats using CrowdStrike Falcon and Microsoft Defender. Conduct vulnerability scans across enterprise assets using Tenable. Carry out log monitoring and incident triage, investigation and analysis of alerts from multiple devices such as firewalls, IDS, IPS, proxies and web servers. Communicate directly with users in the case of high-priority incidents and assist them in mitigating the attack.
Involved in preparing the daily health checklist and daily, weekly and monthly reports per client requirements, as well as handover notes for the next shift team.
Education
Diploma in Computer Technology - MSBTE
Afghanistan
Bachelor of Engineering in Information Technology - Shivaji University, Kolhapur
Afghanistan