About
5+ Years of hands-on Experience in Security Operations. Incident Response, Endpoint Security, Phishing analysis, Threat Intelligence, Network Security. Good understanding of log formats of various devices such as Web sense, Vulnerability Management Products, IDS/IPS, EDR, Firewalls, WAF, Proxy, Routers, Switches, OS, DB Servers, and Antivirus. Experience in Information Security with emphasis on security operations, Log monitoring, Log management, incident management, and security event analysis through Sentinel & Splunk SIEMs. Analyzing the detections and incidents from EDR solutions like Crowd Strike, MS defender and containing the machines and providing real-time response. Having experience in handling incident response in Linux OS and troubleshooting accordingly. Having experience in developing Security content like rules, reports, dashboards in SIEM. Experience in generating Daily, Weekly & Monthly Reports from Sentinel and Splunk and communicating to stakeholders. Agile in investigating security threats such as Malware Outbreaks, DDOS, OWASP T-10 and Phishing Analysis on the network. Having knowledge in integrating log sources along with SIEM and parser creation. Performing the effective phishing analysis and performing phishing campaign using Knowbe4.
Skills & Expertise (53)
Work Experience
Security Analyst - SOC
Astellas
Dec 2020 - Present
Working in Security Operation Centre (24/7), monitoring of SOC events, Detecting and Preventing the Intrusion attempts. Worked for MNC clients, interacting directly with the customers, presenting SOC status reports and completing the action items according to client request. Real time monitoring of Network Security devices such IPS, Firewall, DLP, Endpoint Security, Operating system, and Email security, servers, VPN etc. Performing the in-depth analysis to identify root cause of the incidents and performing malware analysis to identify behavior of the files. Analyzing the phishing emails which are reported by the employees to the SOC team and identifying whether the reported email is a phishing or spam or legitimate. Performing the phishing campaign and educating the employees. I have a strong understanding of analyzing the cloud logs which comes from Cloudwatch, Cloudtrial, VPC flows logs. Development of Reports and Dashboards in Splunk & Sentinel. Performing the vulnerability assessment and coordinating with patching team to remediate the vulnerabilities. I had performed auditing on firewalls to identify the security configuration issues and vulnerabilities using nipper. Using AV and other analysis tools to perform Malware Analysis and complete removal of malware from client's environment. Performing daily health checkup of the SIEM solution to make sure all the log sources are reporting the logs into the SIEM platform. Differentiate the false positives from true intrusion attempts and help remediate / prevent. Support escalation and work closely with stakeholders as required. Document all actions taken during incident investigations and creating the incident report and share to the stake holders. Provide tuning and filtering recommendations to engineering teams. Support requests for data by the customer and other teams analyzing daily, weekly and monthly reports. Taking the appropriate action based on advisories ioc's, identifying threat actor using Mitre ATTACK, etc and coordinating with respective team to block the ioc's. Hunting for the iocs which are provided advisories and identify if there is any suspicious communication attempts. Developing the standard operation procedures based on NIST incident response life cycle. Analyze and investigate the alerts in SOC monitoring tool to report any abnormal behaviors, suspicious activities, traffic anomalies etc. Conduct analysis of network traffic and host activity across wide array of technologies and platforms. Assist in incident response activities such as host triage and retrieval, malware analysis, remote system analysis, end-user interviews, and remediation efforts. Recognize cyber-attacks based on their signatures. Differentiate false positives from true intrusion attempts and help remediate/prevent cyber-attacks. Analyze malicious campaigns and evaluate effectiveness of security technologies. Worked closely with RedTeam during Purple teaming activities to identify the effectiveness of threat simulation.
Education
Bachelor of Engineering - KLS Vishwanathrao Deshpande Institute of Technology
2018 - · Afghanistan