About
Experienced SOC Analyst proficient in handling security incidents using tools like IBM QRadar, Splunk, Sentinel, SentinelOne, Carbon Black, Falcon CrowdStrike, Microsoft Defender ATP, Palo Alto firewalls, Proofpoint, Mimecast, Qualys Guard, Symantec Endpoint Protection, TrendMicro, and McAfee. Skilled in network traffic analysis, event log review, and system monitoring. Proficient in ServiceNow and Jira for incident tracking. Dedicated to staying updated on emerging threats and improving incident response workflows.
Skills & Expertise (11)
Work Experience
Security Analyst
DXC Technologies
November-2020 - April-2021
Recognized, examined, and verified incidents generated from correlated events using SIEM solutions like IBM QRadar, Splunk, and Sentinel to detect potential security threats. Monitored email security systems like Proofpoint and Mimecast to detect phishing attempts and other email-borne threats, conducting thorough analysis of suspicious emails. Performed detailed log analysis from multiple sources, including network devices, security appliances, and endpoint protection systems, to identify anomalies and malicious activities. Identified and escalated potential security gaps, recommending enhancements to SIEM configurations, alert rules, and security controls. Participated in root cause analysis and system restoration activities, coordinating with IT support teams to resolve underlying issues and prevent recurrence. Conducted regular vulnerability assessments using tools like Qualys Guard, analyzing scan results to prioritize remediation efforts based on risk levels. Articulated security policies, guidelines, and standards to internal teams and external stakeholders, ensuring compliance with organizational security frameworks. Stayed updated on the latest security threats and trends, conducting proactive threat research to anticipate and defend against emerging cyber threats. Created and maintained incident response playbooks and runbooks, standardizing procedures for handling different types of security incidents. Managed anti-virus solutions such as TrendMicro and McAfee, ensuring that all endpoints were adequately protected against malware and other threats. Provided guidance and mentorship to junior analysts, sharing knowledge on best practices for incident detection, analysis, and response. Conducted phishing and email analysis using Proofpoint, Mimecast, and other tools, correlating email headers and content to identify potential threats. Monitored IT systems and network activity for irregularities and anomalies using SIEM and other monitoring tools, ensuring the security of corporate IT assets. Collaborated with cross-functional teams to report infrastructure issues, ensuring that security vulnerabilities were addressed promptly. Developed and presented comprehensive reports on security incidents, trends, and remediation efforts to senior management and clients. Ensured compliance with ITIL disciplines such as Incident, Problem, and Change Management, improving the efficiency and effectiveness of SOC operations. Engaged in threat hunting activities, proactively searching for indicators of compromise (IOCs) across the network and endpoints using advanced analysis techniques. Automated routine SOC processes and workflows using scripts and tools, reducing manual effort and improving the accuracy and speed of incident response. Escalating the security incidents based on the client & SLA and providing meaningful information related to security incidents by doing in-depth analysis of event payload, providing recommendations regarding security incidents mitigation which in turn makes the customer business safe and secure. Implemented and managed EDR solutions like CrowdStrike and Carbon Black, configuring policies and exclusions to optimize security coverage. Performed malware analysis and sandboxing using tools like Falcon CrowdStrike and Cybereason, assessing potential threats to the environment. Performed in-depth analysis of security events using industry-standard frameworks like MITRE ATT&CK, OWASP, and NIST to identify TTPs (tactics, techniques, and procedures).
Security Analyst
DXC Technologies
April-2021 - Present
Recognized, examined, and verified incidents generated from correlated events using SIEM solutions like IBM QRadar, Splunk, and Sentinel to detect potential security threats. Conducted in-depth analysis of security incidents reported through various channels including email, phone calls, and management directions, ensuring timely and accurate responses. Collected and examined logs from Firewalls (Palo Alto), IDS/IPS systems, Windows DC, Cisco appliances, and Antivirus/Antimalware software (TrendMicro, McAfee) to support incident containment and investigation. Undertook initial stages of false positive and false negative analysis, fine-tuning detection rules within SIEM tools like LogRhythm and McAfee to reduce noise and enhance accuracy. Escalated validated incidents to the SOC Lead and higher-tier teams, following predefined protocols to ensure swift incident resolution. Managed and operated EDR solutions including SentinelOne, Carbon Black, Falcon CrowdStrike, and Microsoft Defender ATP to detect and mitigate advanced threats. Opened and managed incidents in ITSM platforms such as ServiceNow and Jira, documenting all details related to logs, alarms, and indicators in compliance with SLAs.
Education
Bachelor of Computer Application
2013 - 2016 · India
Certifications
ITIL Foundation
ITIL · 2021
Certification on IT service management best practices
Certified Ethical Hacker (CEH)
EC-Council · 2020
Certification on ethical hacking and penetration testing
