About
Cybersecurity Analyst with 5+ years of experience in cyber risk, compliance, and threat mitigation. Adept at detecting vulnerabilities, closing compliance gaps, and implementing robust security strategies. Skilled in Splunk ES, Azure Sentinel, Microsoft Defender 365, AWS cloud security, and email security to safeguard enterprise environments.
Skills & Expertise (36)
Work Experience
Senior Security Analyst
Wipro
Feb 2021 - Present
Handling spam and phishing email submissions from end-users, taking containment steps by further investigating domains and IPs to recommend proper blocking, and creating SPF, DKIM, and DMARC records for the domains to protect against spoofing. Experienced in creating conditional access policies and fine-tuning the ASR rules in Defender 365 and Intune. Good hands-on experience in creating playbooks, workbooks, and repositories in Azure Sentinel. Experience in handling and deploying the Defender agents onto servers to onboard into Defender, and troubleshooting agent connectivity issues using the MDE Client Analyzer. Experience in working on host isolation, advanced threat analysis, and using Microsoft Defender ATP EDR. Proactively participate in the creation and enhancement of processes and procedures, such as Security Playbooks. Good knowledge of analysing different malicious executables and documents. Configure and manage dashboards, notebooks, data connectors, and playbooks in Azure Sentinel, and hunt for security threats using Azure Sentinel. Experience in providing end-to-end support to enterprise counterparts, identifying the root cause of sophisticated enterprise initiatives, and implementing endpoint security solutions, such as Microsoft Defender ATP. Extensive experience in conducting in-depth investigations by collecting package data and live response in the Defender portal. Monitoring, analysing, and responding to infrastructure threats, vulnerabilities, and risks. Collecting the logs of all the Windows, Linux, and network devices, and analysing the logs to find suspicious activities. Experienced with Microsoft Entra ID, Active Directory, and endpoint management solutions. Escalating security incidents based on the client's SLA and providing meaningful information related to security incidents by conducting in-depth analysis of events, which makes the customer's business safe and secure.
Strong knowledge of cloud security concepts and technologies, such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). Analyse and investigate the alerts in the SOC monitoring tool to report any abnormal behaviours, suspicious activities, traffic anomalies, etc. Provided expert advice on the latest cybersecurity trends and threats, guiding company strategy and defence mechanisms. Experience in a 24x7 SOC environment, as part of a team or independently, to analyse alerts and log data promptly and effectively. Assess the severity and impact of potential threats to accurately prioritise alerts and incidents. Good knowledge and working experience in central logging, log management, and Splunk SIEM architecture. Investigating and monitoring network traffic, IDS, firewall, and endpoint security logs using IBM QRadar and Splunk. Insider threat and APT detection, and the understanding and differentiation of intrusion attempts and false alarms. Good hands-on experience in the integration of AWS and Azure security, implementing the policies, and fine-tuning the rules. Working on an email fraud defence console to secure the environment from hackers, fraudsters, and other threats. Experience in Data Analytics, Advanced Data Analytics, Visualisation, Advanced Visualisation, Dashboard Customisation, and Advanced Dashboard Customisation in Splunk. Taking the appropriate action based on advisories and IOCs, identifying threat actors using MITRE ATT&CK, and coordinating with the respective team to block the IOCs. Participate in hunt missions using threat intelligence, analysis of anomalous log data, and the results of brainstorming sessions to detect and eradicate threat actors. Conduct in-depth analysis of security events, collaborating directly with customers to escalate and thoroughly investigate incidents. Experience in vulnerability assessments. Evaluate and prioritise identified vulnerabilities for remediation by collaborating directly with customers.
Monitor, respond to, and analyse trends in workstations and servers for security-related events. Perform daily, weekly, and monthly scheduled tasks for Defender ATP. Knowledge of email security threats and security controls, including experience analysing email headers. Good knowledge of MITRE ATT&CK, the diamond model, and other cyber threat kill chains. Providing threat and vulnerability analysis, as well as security logs from a large number of security devices, in addition to investigating incident response support when there is a threat. Experience in creating endpoint health check reports, vulnerability reports, and creating SOPs according to the latest trends. Working experience in a SOC environment with hands-on experience using the SIEM Splunk tool, which includes log analysis, fine-tuning existing correlation rules to reduce false positives, and responding to incidents. Good hands-on experience in creating virtual machines, deploying endpoint agents on them, and managing IAM roles in an AWS environment.
Education
MSc, Mathematics - SSBN Degree & PG College, 2020 · Afghanistan
Certifications
No certifications added yet
Availability Details
Visa Status
Citizen
Relocation
Open to Relocation