About
Security Analyst with 4+ years of experience across the Microsoft Security Stack, specializing in SIEM/SOAR using Azure Sentinel and Splunk for threat detection and automated response. Strong expertise in Microsoft Purview DLP (MIP & DLP), Entra ID, and Microsoft 365 administration to secure identities and sensitive data. Hands-on experience with Defender for Endpoint, Microsoft 365 XDR, CrowdStrike, Defender for Cloud (CSPM/CWP), vulnerability management using Qualys and Nessus, CASB solutions including Netskope, and advanced email security with Proofpoint, enabling proactive risk reduction and efficient incident response.
Work Experience
Security Analyst
AECOM Pvt Ltd
Jan 2022 - Present
Monitored and investigated security incidents across Microsoft Defender XDR and SIEM platforms, ensuring timely containment and remediation.
Performed proactive threat hunting using KQL, leveraging log correlation and anomaly detection techniques.
Monitored and investigated DLP alerts, performed root cause analysis, and recommended corrective actions to strengthen data protection controls and SOC efficiency.
Supported Microsoft Purview DLP initiatives, including cloud data classification, policy validation, and compliance enforcement across Microsoft 365 workloads.
Designed and enforced Microsoft Purview DLP policies across Exchange Online, SharePoint, OneDrive, and Teams.
Automated DLP incident response and compliance reporting using PowerShell and the Microsoft Graph API.
Administered Azure AD (Entra ID), implementing SSO, SCIM provisioning, Conditional Access, and RBAC for least-privilege access.
Conducted vulnerability assessments using Nessus and Qualys, remediating critical and high-risk vulnerabilities.
Deployed and administered Azure Sentinel (SIEM/SOAR) to enable centralized security monitoring, real-time alerting, and automated incident response.
Developed and optimized KQL-based analytics rules and threat-hunting queries, improving detection accuracy and reducing false positives.
Designed and maintained Sentinel workbooks and automation playbooks, enhancing SOC visibility and investigation efficiency.
Implemented and managed Microsoft Defender XDR, integrating Defender for Endpoint, Office 365, Identity, and Cloud Apps.
Automated security response workflows using Logic Apps, PowerShell, and the Microsoft Graph API, reducing manual SOC effort.
Configured Microsoft Intune policies for Antivirus, Firewall, ASR rules, device compliance, and endpoint security baselines.
Strengthened cloud and endpoint security posture through Conditional Access, RBAC, and Zero Trust-aligned controls.
Supported continuous security improvement by onboarding new Microsoft security features and tuning detection logic.
Education
BSC - Andhra University
- 2020 · Afghanistan