About
Cybersecurity Analyst specializing in detection engineering, threat analysis, and incident response, with hands-on experience in building and tuning detection rules, analyzing attacker behaviors, and strengthening enterprise security monitoring. Skilled in Microsoft Sentinel SIEM, Microsoft Defender EDR, CrowdStrike, scripting (Python, PowerShell), and security automation. Strong understanding of MITRE ATT&CK, threat intelligence, vulnerability management, and cloud security fundamentals. Adept at log analysis, correlation, use-case development, documentation, and improving detection coverage to enhance organizational defense maturity.
Work Experience
Cybersecurity Analyst
Tata Consultancy Services
02-2024 - Present
Build, tune, and optimize Microsoft Sentinel detection rules, analytics policies, and behavioral use-cases aligned with MITRE ATT&CK.
Identify detection gaps through historical incident analysis, threat intel reports, and attacker TTP research.
Develop KQL-based queries, correlation rules, and dashboards to strengthen visibility across endpoint, network, and cloud logs.
Integrate threat intelligence feeds into Sentinel to enhance IOC-based and behavior-based detections.
Implement SOAR playbooks and automation workflows to reduce response time and false positives.
Monitor, analyze, and triage alerts using Sentinel, Defender, and CrowdStrike.
Perform evidence collection, memory/log analysis, and containment actions during active incidents.
Conduct root cause analysis (RCA), document findings, and drive remediation plans with SOC and engineering teams.
Investigate malware activity, suspicious processes, privilege escalation attempts, and lateral movement patterns.
Map events and alerts to MITRE ATT&CK techniques to identify attacker behavior and refine detections.
Perform deep-dive investigations into anomalous user activity, authentication anomalies, and cloud sign-in patterns.
Conduct threat hunting using KQL across endpoint, identity, and network data sources.
Improve operational efficiency through repeatable automation and tool integrations.
Perform vulnerability scanning, prioritization, and remediation tracking using Rapid7, Qualys, and MDVM.
Reduce false positives through configuration tuning, cross-team validation, and asset accuracy checks.
Ensure vulnerability closure aligned with internal SLAs and compliance frameworks.
Collaborate with SOC, cloud, IT, and application teams to resolve security issues.
Maintain detailed documentation for detections, incidents, RCA, and vulnerability reports for audit readiness.
Mentor new analysts on triage best practices, KQL querying, and workflow improvements.
Availability Details
Current Company
Tata Consultancy Services
Relocation
Open to Relocation