About
Security Engineer with 5 years of experience in Information Security, specializing in Splunk SIEM and EDR. Proven expertise in endpoint security administration and phishing email analysis. Demonstrated ability to enhance security protocols and mitigate risks effectively.
Work Experience
Security Analyst
LTI Mindtree
Mar 2021 - May 2024
- Splunk tool, which includes log analysis, fine-tuning existing correlation rules to reduce false positives, and responding to incidents.
- Analyse, contain, and eradicate malicious activity detected from real-time alerts and manual threat hunts.
- Performed root cause analysis for the incidents reported at the security operations centre.
- Experience with system security concepts, tools, implementation, DLP, CASB, and integration with various data sources and application stacks.
- In-depth knowledge of web application and network attacks, as well as the logs generated by these attacks, to properly investigate security incidents.
- Monitor the Symantec Endpoint Monitoring console for regular health check-ups of systems.
- Experienced in creating PIM roles and managing RBAC roles using Sentinel.
- Experienced in creating reports for clients, such as the endpoint health check report and the vulnerability exposure score level report.
- Strong understanding of security tools and processes such as SIEM, IDS, XDR, SOAR, malware analysis, attack simulation tools, and vulnerability scanners.
- Strong hands-on experience with cloud providers (AWS, GCP) and virtual machines, and onboarding those instances into Defender 365.
- Deploy, configure, and maintain EDR agents on Windows, macOS, and Linux endpoints.
- Proactively perform monitoring, investigation, and analysis of SIEM alerts received from multiple devices, including servers, firewalls, and Office 365.
- Good hands-on experience in analysing risky user behaviour in Azure AD, revoking user sessions, and resetting passwords if required.
- Handling spam/phishing email submissions from end-users and taking containment steps by further investigating domains and IPs to recommend proper blocking, and creating SPF, DKIM, and DMARC records for the domains to protect against spoofing.
- Investigate malicious phishing emails, domains, and IPs using open-source tools, and recommend proper blocking based on analysis.
- Continuously monitoring and interpreting threats using IDS and SIEM tools.
- Analyse and investigate alerts in the SOC monitoring tool to report any abnormal behaviour, suspicious activity, or traffic anomalies.
- Analyse malicious campaigns and evaluate the effectiveness of security technologies.
- Analysing the phishing emails reported by employees to the SOC team, and identifying whether the reported email is phishing, spam, or legitimate.
- Monitoring the triage of insider threats and User Behavioural Analytics (UBA) via broadsheet using the Tableau tool, creating reports and dashboards, and fine-tuning rules (alert fine-tuning).
- Creating an incident ticketing system; analysing, managing, and tracking security incidents to closure by coordinating with different teams.
- Leading operations and monitoring security components 24x7, identifying real-time alerts and events, performing log analysis, and investigating incidents on a daily basis for a better workflow environment.
- Experience in working on host isolation and advanced threat analysis using EDR and Microsoft Defender ATP.
- Good knowledge and working experience in central logging, log management, and Splunk SIEM architecture.
- Experience in providing end-to-end support to enterprise counterparts, identifying the root cause of sophisticated enterprise initiatives, and implementing endpoint security solutions such as Microsoft Defender ATP.
- Experience in adding and deploying client onboarding packages and configuration files, using Configuration Manager to monitor deployment status and Microsoft Defender ATP agent health.
- Hands-on experience in analysing device timeline logs and pulling reports using advanced hunting in KQL.
- Experience in Data Analytics, Advanced Data Analytics, Visualisation, Advanced Visualisation, Dashboard Customisation, and Advanced Dashboard Customisation in Splunk.
- Monitor, respond to, and analyse trends in workstations, servers, and security-related events.
- Perform daily, weekly, and monthly scheduled tasks for Defender ATP.
- Good understanding of creating the threat and vulnerability management report with regard to exposed devices and the impact of the application.
- Experience in managing Defender firewall policies, device exceptions, and other security rules via the Defender Intune portal.
- File blocking, virus definition reporting, and endpoint reporting.
- Knowledge of email security threats and security controls, including experience in analysing email headers using Office 365 and creating several rules using advanced hunting.
- Strong experience in managing and deploying Endpoint Agents over Windows and Linux operating systems, Active Directory integrations, and Windows Event Logs.
- Experience in performing root cause analysis for data from SIEM, Splunk, and QRadar.
- In-depth understanding of the latest techniques used by attackers for persistence, privilege escalation, defence evasion, and lateral movement.
- Experienced in writing correlation rules in KQL and SPL.
- Experience in managing the team, assigning shifts, providing support for on-call P1-related issues, and clarifying doubts for the L1 level.
- Experience in configuring and tuning ASR policies in the Microsoft 365 Defender portal.
Security Engineer
Terrenos Software Technologies PVT LTD
Jun 2024 - Present
- Strong knowledge and professional experience in central logging, log management, and Splunk SIEM architecture.
- Experience in troubleshooting Zscaler client connector issues, ZIA website access, and website functionality.
- Experience in Data Analytics, Advanced Data Analytics, Visualisation, Advanced Visualisation, Dashboard Customisation, and Advanced Dashboard Customisation in Splunk.
- Good knowledge of MITRE ATT&CK, the Diamond Model, and other cyber threat kill chains.
- Experience in Azure Sentinel, creating playbooks using Logic Apps, and creating automation rules to auto-close incidents.
- Experienced in creating conditional access policies, and whitelisting and blacklisting applications using Microsoft Cloud App Security in Microsoft 365 Defender.
- Experienced in identifying, detecting, and responding to security incidents and threats in accordance with the defined policies and procedures in Security Operations.
- Experience in conducting investigations on infrastructure through forensic analysis to identify Indicators of Compromise (IoCs).
- Working experience in a SOC environment with hands-on experience using the SIEM.
Education
B-Tech, Mechanical Engineering - Vijay Rural Engineering College
- 2013 · Afghanistan
Availability Details
Visa Status
Citizen
Relocation
Open to Relocation