About
Security Engineer with around 5 years of experience in information security. Excellent hands-on experience in Splunk SIEM, EDR, endpoint security administration, and phishing email analysis.
Work Experience
Security Engineer
Deloitte
Mar 2021 - Present
Experienced as a Security Engineer with Microsoft Defender ATP, CrowdStrike Falcon, Office 365, Splunk SIEM, and QRadar.
- Experience with the Rapid7 vulnerability management tool to perform vulnerability scanning and reporting.
- Conducted investigations on infrastructure through forensic analysis to identify Indicators of Compromise (IOCs).
- Experience in data analytics, advanced data analytics, visualisation, advanced visualisation, dashboard customisation, and advanced dashboard customisation in Splunk.
- Experience in handling technical administration and troubleshooting activities related to the M365 Defender suite.
- Monitored various security tools (email gateway, IDS/IPS, EDR, SIEM, etc.) for security events and triaged security incidents.
- Created SOPs for newly identified issues, modified existing SOPs as and when required, and published them internally.
- Analysed phishing emails reported by users to identify the type of attack and took immediate remediation action.
- Hands-on experience creating playbooks, notebooks, runbooks, and automation roles using Azure Sentinel.
- Monitored, responded to, and analysed trends in workstations, servers, and security-related events.
- Performed daily, weekly, and monthly scheduled tasks for Defender ATP.
- Good experience with ticketing tools (ServiceNow, Jira).
- Good knowledge of the MITRE ATT&CK framework, the Diamond Model, and other cyber threat kill chains.
- Good understanding of Azure Active Directory, Azure MFA, and conditional access.
- Experience with system security concepts, tools, implementation, DLP, CASB, and integration with various data sources and application stacks.
- Good hands-on experience integrating Defender for Endpoint with Microsoft Sentinel to centralise alert management and automate remediation workflows.
- Created and fine-tuned use cases and custom detection rules using the SPL and KQL languages in the Defender and Splunk portals.
- Monitored Defender for Endpoint alerts and ensured weekend analysts followed proper investigation and containment workflows.
- Led the onboarding and training of new weekend analysts, focusing on Defender telemetry, KQL queries, and threat hunting best practices.
- Experience in host isolation and advanced threat analysis using EDR and Microsoft Defender ATP.
- Conducted advanced threat hunting using Defender telemetry and KQL queries, identifying lateral movement, zero-day exploits, and other security threats.
- Implemented playbooks using Azure Sentinel Logic Apps, following a predefined workflow in Azure Sentinel.
- Developed custom attack surface reduction (ASR) rules and endpoint detection and response (EDR) policies to proactively block ransomware, phishing attempts, and other threats.
- Knowledge of email security threats and security controls, including experience analysing email headers.
- Experience in adding and deploying a client onboarding configuration file; Configuration Manager can then monitor deployment status and Microsoft Defender ATP agent health.
- Experienced in creating policies and whitelisting and blacklisting applications using MS Cloud App Security.
- Configured and managed dashboards, notebooks, data connectors, and playbooks in Azure Sentinel, and hunted security threats using Azure Sentinel.
- Handled spam/phishing email submissions from end users, took containment steps by investigating domains and IPs to recommend proper blocking, and created SPF, DKIM, and DMARC records for the domains to protect against spoofing.
- Strong experience in managing endpoint agents on Windows and Linux operating systems, Active Directory integrations, and Windows Event Logs.
- Experienced in triaging Defender alerts, performing root cause analysis, and generating incident reports for executive stakeholders.
- Collaborated with IT support to troubleshoot onboarding errors, including connectivity issues with Microsoft Defender Security Centre and missing telemetry data.
- Developed custom KQL analytics rules and scheduled queries to detect anomalous behaviour, privilege escalation, and lateral movement across hybrid environments.
- Experience in creating Log Analytics workspaces, conditional access policies, and detection rules using Defender 365 and Azure Sentinel.
- Conducted root cause analysis on recurring agent failures, leading to policy adjustments and improved endpoint readiness across multiple business units.
- Good knowledge and working experience in central logging, log management, and Splunk SIEM architecture.
- Hands-on experience analysing device timeline logs and pulling reports using advanced hunting in KQL.
- Collaborated with IT teams to design and deploy robust network security architectures, enhancing overall protection.
Education
B.Tech: E.E.E - Kakinada Institute of Engineering and Technology-II
- 2018 · Afghanistan
Availability Details
Visa Status: Citizen
Relocation: Open to Relocation