About
Around 4+ Years of hands-on Experience in Security Operations. Incident Response, Endpoint Security, Phishing analysis, Threat Intelligence, Network Security. Good understanding of log formats of various devices such as Web sense, Vulnerability Management Products, IDS/IPS, EDR, Firewalls, WAF, Proxy, Routers, Switches, OS, DB Servers, and Antivirus. Experience in Information Security with emphasis on security operations, Log monitoring, Log management, incident management, and security event analysis through Sentinel & Splunk SIEMs.
Skills & Expertise (54)
Work Experience
Security Analyst
HCL Technologies
Feb 2022 - Nov 2022
Working in Security Operation Centre (24/7), monitoring of SOC events, Detecting and Preventing the Intrusion attempts. Worked for MNC clients, interacting directly with the customers, presenting SOC status reports and completing the action items according to client request. Analyzing the phishing emails which are reported by the employees to the SOC team and identifying whether the reported email is a phishing or spam or legitimate. Performing the phishing campaign and educating the employees. I have a strong understanding of analyzing the cloud logs which comes from Cloud trial, VPC flows logs. Performing the vulnerability assessment and coordinating with patching team to remediate the vulnerabilities. Support escalation and work closely with stakeholders as required. Support requests for data by the customer and other teams analyzing daily, weekly and monthly reports. Analyze and investigate the alerts in SOC monitoring tool to report any abnormal behaviors, suspicious activities, traffic anomalies etc. Differentiate false positives from true intrusion attempts and help remediate/prevent cyber-attacks.
Security Analyst
Arete Consulting
Dec 2022 - Present
Working in Security Operation Centre (24/7), monitoring of SOC events, Detecting and Preventing the Intrusion attempts. Real time monitoring of Network Security devices such IPS, Firewall, DLP, Endpoint Security, Operating system, and Email security, servers, VPN etc. Performing the in-depth analysis to identify root cause of the incidents and performing malware analysis to identify behavior of the files. Analyzing the phishing emails which are reported by the employees to the SOC team and identifying whether the reported email is a phishing or spam or legitimate. Performing the phishing campaign and educating the employees. Creating of Reports in QRADAR & Sentinel. Performing the vulnerability assessment and coordinating with patching team and Business units to remediate the vulnerabilities. Using AV and other analysis tools to perform Malware Analysis and suggesting completing removal of malware from client's environment. Performing daily health checkup of the SIEM solution to make sure all the log sources are reporting the logs into the SIEM platform. Differentiate the false positives from true intrusion attempts and help remediate / prevent. Support escalation and work closely with Business units as required. Provide tuning and filtering recommendations to engineering teams. Supported requests for data by the Business units and other teams analyzing daily, weekly and monthly reports. Taking the appropriate action based on advisories IOCs, identifying threat actor using Mitre ATTACK, etc and coordinating with respective team to block the IOCs. Hunting for the IOCs which are provided advisories and identify if there is any suspicious communication attempts. Analyses and investigate the alerts in SOC monitoring tool to report any abnormal behaviors, suspicious activities, traffic anomalies etc. Conduct analysis of network traffic and host activity across wide array of technologies and platforms. Assisted in incident response activities such as host triage and retrieval, malware analysis, end-user, and remediation efforts.
Education
Bachelor of Engineering - Sir M Visvesvaraya Institute of Technology
- 2020 · Afghanistan