About
Security professional with over 5 years of experience in endpoint and cloud security, SIEM, and SOC operations. Expertise in threat monitoring, malware analysis, incident response, and vulnerability management. Proven track record of implementing innovative security solutions and ensuring compliance with industry standards.
Skills & Expertise (27)
Work Experience
Senior Software Engineer
Persistent Systems Limited
Oct 2022 - Feb 2025
Hands-on experience in analysing phishing and malware emails, performing soft and hard deletes of malicious emails from the email cluster, and adding indicators to the tenant allow list or block list based on analysis of the IOCs. Experience in AIR (Automated Investigations and Remediation) policies and their implementation. Experienced in managing DLP policies and deploying Purview agents on servers and domain controllers. Experienced in creating conditional access policies and managing licences in Azure Entra ID. Performed folder exclusion policies, device-based policies, and tagging in Defender for Endpoint. Good hands-on experience in creating custom detection rules using KQL and fine-tuning use cases to reduce false positives in Defender 365 and Azure Sentinel. Configured and managed dashboards, notebooks, data connectors, and playbooks in Azure Sentinel, and hunted for security threats using Azure Sentinel. Good knowledge of analysing malicious executables and documents. Good understanding of Azure Active Directory, Azure MFA, and conditional access. Experience in supporting, fine-tuning, and troubleshooting correlation searches in Splunk SIEM. Good hands-on experience in creating SOPs, playbooks, and runbooks using Splunk and Defender, and in creating and managing endpoint health check reports and vulnerability reports to reduce the exposure score. Good hands-on experience in providing KT sessions and training, and in assigning tasks to juniors. Experience in creating and maintaining daily, weekly, and monthly reports of device health status using Defender ATP. Knowledge of Group Policy Objects, Active Directory security and compliance configurations, and migration to the Intune administrator console. Experience in host isolation and advanced threat analysis using EDR, Microsoft Defender ATP, and other tools.
Experience in creating group policies and initiating remote wipes on end devices using the Intune administrator console. Implemented conditional access policies and integrated Intune with Azure Active Directory for enhanced security and user authentication. Good knowledge and working experience in central logging, log management, and Splunk SIEM architecture. Configured and optimised Microsoft Defender for Endpoint to enhance protection against malware, ransomware, and advanced threats. Monitored, analysed, and responded to infrastructure threats and vulnerabilities. Collected logs from Windows, Linux, and network devices and analysed them to find suspicious activity. Handled spam and phishing email submissions from end users, taking containment steps by investigating domains and IPs to recommend proper blocking, and creating SPF, DKIM, and DMARC records for the domains to protect against spoofing. Experience in deploying Defender agents onto servers to onboard them into Defender, and in troubleshooting agent connectivity issues using the MDE Client Analyser. Experienced in creating conditional access policies and fine-tuning ASR rules in Defender 365 and Intune. Escalated security incidents based on the client's SLA and provided meaningful information on security incidents through in-depth analysis of events, keeping the customer's business safe and secure. Created and fine-tuned use cases and custom detection rules using SPL and KQL in the Defender and Splunk portals. Experience in host isolation and advanced threat analysis using the EDR Microsoft Defender ATP. Took appropriate action based on advisories and IOCs, identified threat actors using MITRE ATT&CK, and coordinated with the respective teams to block the IOCs. Created mail flow rules and policies in the Exchange Admin Centre to block or unblock sender addresses, domains, and subject matches.
Worked in a 24x7 Security Operations Centre, monitoring SOC events and detecting and preventing intrusion attempts. Good knowledge of MITRE ATT&CK, the diamond model, and other cyber threat kill chains. Strong knowledge and working experience of Office 365 email gateway solutions, completely owning, managing, monitoring, and administering the email security stack and policies for both on-premises and cloud environments, including Office 365 email security solutions. Experience in a 24x7 SOC environment, as part of a team or independently, analysing alerts and log data promptly and effectively. Assessed the severity and impact of potential threats to accurately prioritise alerts and incidents. Conducted in-depth analysis of security events, collaborating directly with customers to escalate and thoroughly investigate incidents, which involves understanding the scope, impact, and root cause of incidents to tailor the response effectively.
Security Analyst
LTI Mindtree
Jun 2019 - Oct 2022
Good knowledge of MITRE ATT&CK, the diamond model, and other cyber threat kill chains. Experienced in conducting static analysis, dynamic analysis, and IOC investigations using sandbox environments. Working experience in a SOC environment with hands-on use of the Splunk SIEM tool, including log analysis, fine-tuning existing correlation rules to reduce false positives, and responding to incidents. Participated in hunt missions using threat intelligence, analysis of anomalous log data, and the results of brainstorming sessions to detect and eradicate threat actors. Splunk SIEM monitoring included licence monitoring, indexer storage volume monitoring, daily Splunk application health-check monitoring, and event and incident monitoring. Hands-on experience in the installation, configuration, and management of Microsoft Exchange Server 2016 and above. Experience in creating Log Analytics workspaces, conditional access policies, and detection rules using Defender 365 and Azure Sentinel. Extensive experience in creating playbooks using Logic Apps and fine-tuning use cases using KQL. Configured and managed dashboards, notebooks, data connectors, and playbooks in Azure Sentinel, and hunted security threats using Azure Sentinel. Executed swift containment and remediation measures for identified security incidents, employing predefined response strategies to isolate affected systems and prevent further compromise. Conducted in-depth analysis of security events, collaborating directly with customers to escalate and thoroughly investigate incidents, which involves understanding the scope, impact, and root cause of incidents to tailor the response effectively. Proactively participated in the creation and enhancement of processes and procedures, such as security playbooks. Performed folder exclusion policies, other device-based policies, and tagging in Defender for Endpoint.
Experience with the Qualys Vulnerability Management tool for vulnerability scanning and reporting. Experience with compliance tickets and advisories for the blacklisting of IOCs, and with related processes using Endpoint Security. Extensive experience with ticketing tools (ServiceNow, Jira). Experience in deploying Defender agents onto servers to onboard them into Defender, and in troubleshooting agent connectivity issues using the MDE Client Analyser. Refined and optimised analytical rules within the SIEM platform to reduce false positive alerts, enhancing the accuracy and efficiency of threat detection. Experience in vulnerability assessments; evaluated and prioritised identified vulnerabilities for remediation in direct collaboration with customers. Strong knowledge and working experience of Office 365 email gateway solutions, completely owning, managing, monitoring, and administering the email security stack and policies for both on-premises and cloud environments, including Office 365 email security solutions. Strong experience in managing endpoint agents on Windows and Linux operating systems, Active Directory integrations, and Windows Event Logs. Monitored, responded to, and analysed trends in security-related events on workstations and servers. Performed daily, weekly, and monthly scheduled tasks for Defender ATP. Escalated security incidents based on the client's SLA and provided meaningful information on security incidents through in-depth analysis of events, keeping the customer's business safe and secure. Monitored various security tools (Email Gateway, IDS/IPS, EDR, SIEM, etc.) for security events and triaged security incidents. Experience in configuring and tuning ASR policies in the Microsoft 365 Defender portal.
Education
B.Tech Mechanical Engineering - Vishnu Institute of Technology
- 2019 · Afghanistan
Certifications
No certifications added yet