Work Experience
Security Consultant
NEXTQBICLE SOFTWARE TECHNOLOGIES
04-2024 - Present
Monitoring, analyzing, and responding to infrastructure threats and vulnerabilities. Collecting the logs of all Windows, Linux, and network devices and analyzing them to find suspicious activities. Handling spam and phishing email submissions from end-users, taking containment steps by further investigating domains and IPs to recommend proper blocking, and creating SPF, DKIM, and DMARC records for the domains to protect against spoofing. Experience in handling and deploying the Defender agents onto servers to onboard them into Defender, and troubleshooting agent connectivity issues using the MDE Client Analyzer. Experienced in creating conditional access policies and fine-tuning the ASR rules in Defender 365 and in Intune. Escalating security incidents based on the client's SLA, and providing meaningful information related to security incidents by doing in-depth analysis of events, which keeps the customer's business safe and secure. Participated in fine-tuning use cases and custom detection rules using the SPL and KQL languages in the Defender and Splunk portals. Experience in working on host isolation and advanced threat analysis using the EDR Microsoft Defender ATP. Taking appropriate action based on advisories and IOCs, identifying threat actors using MITRE ATT&CK, etc., and coordinating with the respective team to block the IOCs. Creating mail flow rules and policies in the Exchange Admin Centre to block/unblock any kind of sender address, domain, and subject match. Working in the Security Operations Centre (24x7), monitoring SOC events, and detecting and preventing intrusion attempts. Good knowledge of MITRE ATT&CK, the Diamond Model, and other cyber threat kill chains. Strong knowledge and working experience of Office 365 email gateway solutions, completely owning, managing, monitoring, and administering the email security stack and policies for both on-premises and cloud environments, including Office 365 email security solutions.
Experience in a 24x7 SOC environment, as part of a team or independently, to analyze alerts and log data promptly and effectively. Assess the severity and impact of potential threats to accurately prioritize alerts and incidents. Conduct in-depth analysis of security events, collaborating directly with customers to escalate and thoroughly investigate incidents. This involves understanding the scope, impact, and root cause of incidents to tailor the response effectively.
Security Analyst
Cognizant
03-2021 - 12-2022
Good knowledge of MITRE ATT&CK, the Diamond Model, and other cyber threat kill chains. Experienced in conducting static and dynamic analysis of IOCs using sandbox environments. Working experience in a SOC environment with hands-on experience using the Splunk SIEM tool, which includes log analysis, fine-tuning existing correlation rules to reduce false positives, and responding to incidents. Excellent critical thinking and analytical skills, organizational skills, and the ability to work as part of a team. Experience with IR and forensic investigations within cloud environments such as AWS and Azure. Experienced in creating endpoint health check reports on a daily basis, troubleshooting agent-related issues, and producing compliance reports for sharing at the client level. Strong understanding of Security Operations and Incident Response processes and practices. Good knowledge of analyzing different malicious executables and documents. Good understanding of Azure Active Directory, Azure MFA, and conditional access. Perform health checks for AV infrastructure and distribute reports regularly. Experience in providing end-to-end support to enterprise counterparts, identifying the root cause of sophisticated enterprise initiatives, with endpoint security solutions such as Microsoft Defender ATP. Experience with compliance tickets and advisories for blacklisting of IOCs using endpoint security. Extensive experience in ticketing tools (ServiceNow, Jira). Experience in handling and deploying the Defender agents onto servers to onboard them into Defender, and troubleshooting agent connectivity issues using the MDE Client Analyzer. Escalating security incidents based on the client's SLA, and providing meaningful information related to security incidents by doing in-depth analysis of events, which keeps the customer's business safe and secure.
Extensive experience in conducting in-depth investigations by collecting package data and using live response in the Defender portal. Analyze and investigate the alerts in the SOC monitoring tool to report any abnormal behaviors and suspicious activities.
Security Analyst
Sonata Software Limited
01-2023 - 04-2024
Participate in hunt missions using threat intelligence, analysis of anomalous log data, and results of brainstorming sessions to detect and eradicate threat actors. Splunk SIEM monitoring includes license monitoring, indexer storage volume monitoring, Splunk application daily health-check monitoring, and event and incident monitoring. Configure and manage dashboards, notebooks, data connectors, and playbooks in Azure Sentinel. Hunt security threats using Azure Sentinel. Execute swift containment and remediation measures for identified security incidents, employing predefined response strategies to isolate affected systems and prevent further compromise. Conduct in-depth analysis of security events, collaborating directly with customers to escalate and thoroughly investigate incidents. This involves understanding the scope, impact, and root cause of incidents to tailor the response effectively. Proactively participated in the creation and enhancement of processes and procedures, such as Security Playbooks. Configured folder exclusion policies, other device-based policies, and tags in Defender for Endpoint. Refine and optimize analytical rules within the SIEM platform to reduce false positive alerts, enhancing the accuracy and efficiency of threat detection. Experience in vulnerability assessments. Evaluate and prioritize identified vulnerabilities for remediation by collaborating directly with customers. Good knowledge of MITRE ATT&CK, the Diamond Model, and other cyber threat kill chains. Strong knowledge and working experience of Office 365 email gateway solutions, completely owning, managing, monitoring, and administering the email security stack and policies for both on-premises and cloud environments, including Office 365 email security solutions. Strong experience in managing Endpoint Agents on Windows and Linux operating systems, Active Directory integrations, and Windows Event Logs.
Monitor, respond to, and analyze trends in workstations and servers for security-related events. Perform daily, weekly, and monthly scheduled tasks for Defender ATP. Monitor various security tools (Email Gateway, IDS/IPS, EDR, SIEM, etc.) for security events, and triage security incidents.