About
Having 3.11 years of experience in Information Security, with security operations including incident management, endpoint security and log analysis through SIEM. Experience of working in the 24x7 operations of a SOC team, offering log monitoring and security information management. Experience in security monitoring and operations. Experience with SIEM (Security Information and Event Management) tools, including monitoring real-time events using Microsoft Azure Sentinel and IBM QRadar. Filling in the daily health checklist. Created SOP runbooks for various alerts. Provide the first level of threat response for the Security Event Management team at the Security Operations Centre (SOC). Hands-on experience in incident response activities: malware analysis, brute-force analysis and phishing email analysis. Perform ongoing monitoring and threat analysis. Creating alarms for incident detection.
Work Experience
Security Analyst
Cognizant Technology Solutions
Working on the Microsoft Azure Sentinel console to handle the incidents triggered on a daily basis. Good experience in SIEM tools. Good experience in creating SOPs. Handling the complete incident management framework cycle, from incident identification and containment through root cause analysis, suggestion and implementation of preventive and corrective controls, and network analysis as needed on a case-by-case basis. Participate in weekly and monthly review calls with the customer. Monitoring and identifying positive security events on the Microsoft Azure Sentinel dashboard during shift hours and taking the necessary action on the critical events and deviations seen during each shift for all the environments we support. Scheduling and performing vulnerability scans on client networks to identify any vulnerabilities that exist and coordinating until closure. Security incident response and closure of incidents within SLA using ServiceNow. Analysing phishing-related activities and notifying the users. Preparing daily and weekly dashboards on security threats. Using the escalation process for incidents impacting multiple users and keeping management updated on the progress of the incident. Documenting tickets fully with all the actions taken for the incident, updating them frequently and maintaining ticket quality with all the required comments. Served as an analyst in SOC operations for real-time monitoring, analysing logs from various security/industrial appliances. Performing real-time monitoring, investigation, analysis, reporting and escalation of security events from multiple log sources. Contacting customers directly in case of high-priority incidents and helping them mitigate the attacks. Understanding the incident in order to determine whether it is a false or true positive.
Troubleshooting SIEM dashboard issues when no reports are being generated or no data is available. Determining the scope of a security incident and its potential impact on the client network, and recommending steps to handle the security incident with all information and supporting evidence of the security events. Good understanding of the OWASP Top 10, IDS, IPS, threat modelling and cyber attacks such as DoS, DDoS, MITM, SQL injection, XSS and CSRF. Handling multiple customers globally, analysing customer networks for potential security attacks. Supporting security incident response processes in the event of a security breach by providing incident reporting.
Education
B Tech, Mechanical Engineering - JNTUA
Afghanistan