sneha

Security Analyst

Profile Score: 70

About

IT professional with 5+ years of experience working as a Security Analyst in a Security Operations Centre (SOC) team. Hands-on experience with SIEM tools for log monitoring and analysis in the SOC, and with security solutions such as EDR, IPS/IDS, email security, data loss prevention, web security, and malware analysis.

Skills & Expertise (26)

Splunk (Advanced): 8.9/10, 3 years experience
MITRE ATT&CK (Advanced): 8.5/10, 2 years experience
Symantec DLP (Advanced): 8.1/10, 3 years experience
Zscaler (Intermediate): 7.7/10, 1 year experience
FireEye (Intermediate): 7.2/10, 2 years experience

Other skills: ConnectWise, CrowdStrike, ServiceNow, Jira, Joe Sandbox, Hybrid Analysis, Malware Analysis, Tenable, ELK, Sentinel, IBM QRadar, Digital Guardian, Web Application Firewall, Email Analysis, Wireshark, Demisto, Proofpoint, Sophos, Symantec, Defender, SentinelOne

Work Experience

Security Analyst

Trane Technologies

Oct 2020 - Apr 2022

Threat detection and monitoring: EDR (Endpoint Detection and Response) for continuously monitoring endpoint activity (files, processes, registry changes), and SIEM (Security Information and Event Management) alerts from multiple sources to detect suspicious behaviour across the organization. Investigating endpoint telemetry such as process trees, command-line activity, and file hashes to identify attack patterns and root cause. Monitoring alerts based on predefined rules and threat intelligence, and isolating infected endpoints, terminating malicious processes, or blocking files. Documenting incident reports with all details such as the incident timeline, affected systems, actions taken, and evidence collected, to ensure compliance with regulations and internal security policies. Preparing and tracking daily, weekly, and monthly reports and health checks.

Process Associate

Genpact

Oct 2017 - May 2019

Managing team members. Helping customers with technical support. Generating sales. Keeping a record of the team's sales accomplishments. Providing the best service and building customer relationships. Worked on the GoDaddy process as a sales executive.

Consultant

Capgemini India PVT LTD

May 2022 - Feb 2023

Monitoring 24x7 for P1, P2, and P3 alerts in SOC operations; real-time monitoring and analysis of logs from various security/industrial appliances using SIEM tools. Development of processes and procedures to improve incident response times, and analysis of incidents with respect to the security kill chain across overall SOC functions. Performing real-time monitoring, investigation, analysis, reporting, and escalation of security events from multiple log sources. Experience in hunting for adversaries, identifying the TTPs of threat actors, and mapping them against the MITRE ATT&CK framework. Responsible for triaging a variety of alerts relating to IDS, next-generation firewalls, anti-virus, malware, C&C communication, and vulnerabilities. Knowledge of email security threats and security controls, including experience analyzing email headers, attachments, and URLs. Remediation of threats and malware by analyzing EDR detections with the help of SHA-256 and MD5 values, the executing application, file behaviour, the purpose of the file, and the file's network information. Performing threat analysis in EDR by deep-diving into threats, anomalies, IOCs, and cyber-related disruptions on endpoints based on tactic and technique. Working on EDR by evaluating detections to identify risks and track findings for mitigating risk, and remediating threats and malware by analyzing the detections with the help of the hash, executing application, file behaviour, purpose of the file, and network information of the file, then blacklisting the file hash based on its reputation. Creating various reports for remediation and change tracking on an on-demand basis. Reviewing URLs and categorizing them in Zscaler to prevent users from accessing malicious websites. As part of continuous improvement, reviewing all incidents to improve response processes and actionable intelligence. Where possible, moving manual processes over to automation and orchestration (Demisto).
Expert in handling targeted/large phishing campaigns by finding and blocking IOCs as a proactive measure, investigating emails reported by end users, and responding with appropriate recommendations. Escalating security incidents based on the client's SLA and providing meaningful information related to security incidents through in-depth analysis of event payloads, with recommendations for mitigating security incidents, which in turn keeps the customer's business safe and secure.

Associate

Wipro

Jul 2019 - Oct 2022

Monitoring Symantec DLP incidents across multiple policies and escalating incidents to the compliance team if any data exfiltration occurs. Handling data exfiltration and DLP alerts and content filtering (URL filtering). Configuration, policy creation, fine-tuning, and review of policies depending on client requirements. Collaboration with many departments in the organization to maintain roles, responsibilities, and processes for DLP incident response. Responsibilities included assessing business requirements and designing/implementing data loss protection controls that protect data and systems in accordance with industry standards and governance/compliance requirements. Working to defined SLAs on daily operations and follow-up with several teams, fine-tuning processes and reports, and handling incidents as per client requirements. Preparing MOM (Minutes of Meeting) after the daily operational meeting as required and handing over shift updates to the next shift. Creating daily ticket sheets, reporting abnormalities (spikes), updating email trackers and task metrics as per client requirements, and presenting them in weekly meetings.

Associate-2

KPMG Global

Feb 2024 - Jun 2024

Maintained high availability of the Splunk Enterprise service. Monitored system infrastructure for capacity planning and optimization. Managed users, roles, permissions, and app creation. On-boarded and maintained a wide variety of data sources, including OS and application logs. Optimized applications to reduce impact on resources. Managed configuration and tuning in a large Splunk environment. Ensured that the company's workstations worked efficiently and stayed connected to the central computer network and telecommunication network; upgraded the network by developing, testing, evaluating, and installing enhancements. Designed and implemented Splunk infrastructure and supported operational activities. Managed multiple assignments and changing priorities. Provided general engineering and design support for a distributed Splunk environment. Maintained network performance by performing network monitoring, analysis, and performance tuning; troubleshooting network problems; and escalating problems to vendor(s). Created custom dashboards, wrote queries, generated reports, and set up alerts and notifications. Protected the organization's value by keeping information confidential. Created and fine-tuned custom use cases using data models and index-based data. Data assessment for CIM compliance and whitelisting indexes according to the data for the specified data models. Created Splunk searches for alerts, reports, correlation searches, and dashboards. Expert in Splunk SPL commands and SPL searches. Correlated use cases with MITRE tactics and techniques. Created knowledge objects in Splunk, for example lookups, macros, event types, tags, etc.

Education

No education history added yet

Certifications

No certifications added yet


Profile Overview

Member since: Mar 2026