About
Security Engineer with 4 years of experience in endpoint/cloud security, SIEM, and SOC operations. Skilled in threat monitoring, malware analysis, incident response, and vulnerability management. Committed to innovative solutions and industry compliance.
Skills & Expertise (35)
Work Experience
Security Analyst
Atos
Sep 2022 - Present
IDS & IPS alert investigation. DLP: MS Purview. AWS cloud security. MS Intune administrator. KQL threat hunting. Experience in creating Log Analytics workspaces, and creating conditional access policies and detection rules using Defender 365 and Azure Sentinel. Experience in providing end-to-end support to enterprise counterparts, identifying the root cause of sophisticated enterprise initiatives, with endpoint security solutions, Microsoft Defender ATP. Experience in the Qualys Vulnerability Management tool to perform vulnerability scanning and reporting. Extensive experience in conducting in-depth investigations by collecting package data and live response in the Defender portal. Analyse and investigate the alerts in the SOC monitoring tool to report any abnormal behaviours, suspicious activities, traffic anomalies, etc. Experience in handling and deploying the Defender agents into servers to onboard into Defender, and troubleshooting agent connectivity issues using the MDE Client Analyser. Perform health checks for AV infrastructure, and distribute reports regularly. Good knowledge in analysing different malicious executables and documents. Good understanding of Azure Active Directory, Azure MFA, and conditional access. Extensive experience in creating playbooks using Logic Apps, and fine-tuning use cases using KQL. Strong experience in managing endpoint agents over Windows and Linux operating systems, Active Directory integrations, and Windows Event Logs. Experienced in creating endpoint health check reports on a daily basis, troubleshooting agent-related issues, and producing compliance reports for sharing at the client level. Strong understanding of Security Operations and Incident Response processes and practices. Good hands-on experience in creating virtual machines, deploying endpoint agents on them, and managing IAM roles in an AWS environment. Experience with IR and forensic investigations within cloud environments such as AWS and Azure.
Experience in vulnerability assessments. Evaluate and prioritise identified vulnerabilities for remediation by collaborating directly with customers. Good knowledge of MITRE ATT&CK, the Diamond Model, and other cyber threat kill chains. Strong knowledge and working experience of Office 365 email gateway solutions, completely owning, managing, monitoring, and administering the email security stack and policies for both on-premises and cloud environments, including Office 365 email security solutions. Working experience in a SOC environment with hands-on experience using the Splunk SIEM tool, which includes log analysis, fine-tuning existing correlation rules to reduce false positives, and responding to incidents. Monitor various security tools (email gateway, IDS/IPS, EDR, SIEM, etc.) for security events, and triage security incidents. Experienced in conducting investigations using static analysis, dynamic analysis, and IOCs in sandbox environments. Monitor, respond to, and analyse trends in workstations and servers for security-related events. Perform daily, weekly, and monthly scheduled tasks for Defender ATP.
Security Analyst
Thinksynq Solutions Pvt. Ltd
Apr 2021 - May 2022
Monitoring, analysing, and responding to infrastructure threats and vulnerabilities. Collecting the logs of all the Windows, Linux, and network devices and analysing the logs to find suspicious activities. Handling spam and phishing email submissions from end-users, taking containment steps by further investigating domains and IPs to recommend proper blocking, and creating SPF, DKIM, and DMARC records for the domains to protect from spoofing. Experience in working on host isolation and advanced threat analysis using the EDR Microsoft Defender ATP. Taking the appropriate action based on advisories and IOCs, identifying threat actors using MITRE ATT&CK, etc., and coordinating with the respective team to block the IOCs. Creating mail flow rules and policies in the Exchange Admin Centre to block or unblock any kind of sender address, domain, and subject match. Experienced in creating conditional access policies and fine-tuning the ASR rules in Defender 365 and Intune. Escalating the security incidents based on the client's SLA, and providing meaningful information related to security incidents by doing in-depth analysis of events, which keeps the customer's business safe and secure. Experience in handling and deploying the Defender agents into servers to onboard into Defender, and troubleshooting agent connectivity issues using the MDE Client Analyser. Good knowledge of MITRE ATT&CK, the Diamond Model, and other cyber threat kill chains. Strong knowledge and working experience of Office 365 email gateway solutions, completely owning, managing, monitoring, and administering the email security stack and policies for both on-premises and cloud environments, including Office 365 email security solutions. Configure and manage dashboards, notebooks, data connectors, and playbooks in Azure Sentinel. Hunt security threats using Azure Sentinel. Conduct in-depth analysis of security events, collaborating directly with customers to escalate and thoroughly investigate incidents.
This involves understanding the scope, impact, and root cause of incidents to tailor the response effectively. Hands-on experience in the installation, configuration, and management of Microsoft Exchange Servers 2016 and above. Proactively participate in the creation and enhancement of processes and procedures, such as Security Playbooks. Performed folder exclusion policies, other device-based policies, and tags in Defender for Endpoint. Refine and optimise analytical rules within the SIEM platform to reduce false positive alerts, enhancing the accuracy and efficiency of threat detection. Splunk SIEM monitoring includes licence monitoring, indexer storage volume monitoring, Splunk application daily health-check monitoring, and event and incident monitoring. Participate in hunt missions using threat intelligence, analysis of anomalous log data, and results of brainstorming sessions to detect and eradicate threat actors. Experience in a 24x7 SOC environment, as part of a team or independently, to analyse alerts and log data promptly and effectively. Assess the severity and impact of potential threats to accurately prioritise alerts and incidents. Creating and fine-tuning use cases, and custom detection rules, by using the SPL and KQL languages in Defender and Splunk portals. Working in the Security Operation Centre (24x7), monitoring SOC events, and detecting and preventing intrusion attempts.
Education
B.Tech in E.C.E - Indira Institute of Technology and Sciences
2021 · Afghanistan
Certifications
No certifications added yet
Visa Status
Citizen
Relocation
Open to Relocation