Nikhil Kumar

Associate Security Analyst

Hyderabad

About

Detail-oriented and precision-focused Associate Security Analyst with 3.7+ years of experience monitoring, detecting and triaging security incidents in fast-paced enterprise environments. Skilled in SIEM log analysis, endpoint investigations, threat intelligence enrichment and incident escalation. Strong understanding of security concepts such as the OWASP Top 10, MITRE ATT&CK, kill chain analysis, common attack vectors, malware behaviour and security best practices. Proven ability to reduce false positives, strengthen alert workflows and strengthen overall security posture.

Skills & Expertise (63)

Rated skills (level, self-rating, years of experience):

SIEM Analysis (Advanced): 8.3/10, 3.7 years
Security Monitoring (Advanced): 8.3/10, 3.7 years
Incident Response (Advanced): 8.1/10, 3.7 years
Endpoint Security (Advanced): 8.0/10, 3.7 years
Threat Intelligence Research (Advanced): 7.8/10, 3.7 years

Other skills and tools:

Networking and protocols: DHCP, DNS, OSI Model, TCP/IP, WAN, LAN, NAT, HTTP, HTTPS, TLS/SSL, VPN, Firewall, Routing and Switching fundamentals, Traffic mirroring
Security controls: HIPS/HIDS, IDS/IPS, FortiGuard web filter, Mimecast
Frameworks and standards: ITIL, NIST, ISO 27001
Cloud and platforms: AWS, GCP, Microsoft O365, Windows, Linux, Ubuntu, CentOS
Scripting: PowerShell, Python
SOC practices: Alert Triage, Log Correlation, Malware Triage, Network Traffic Analysis, Vulnerability Identification, Report Writing, Documentation
SIEM and EDR: Splunk, QRadar, Microsoft Sentinel, CrowdStrike Falcon, Microsoft Defender
Vulnerability management: Nessus, Qualys
Ticketing: ServiceNow
Threat intelligence and analysis tools: Have I Been Pwned, DNSdumpster, MXToolbox, MHA header analyser, Hybrid Analysis, URLVoid, VirusTotal, ANY.RUN, Cisco Talos, AbuseIPDB, URLScan.io, IPVoid, URLhaus

Work Experience

Associate Security Analyst

UNIFIED POINTS TECH

Jun 2022 - Present

- Monitored SIEM platforms (Splunk, QRadar) and triaged alerts according to severity and SOC SLAs.
- Conducted log analysis of Windows, Linux, firewall, proxy, IDS/IPS and EDR telemetry to identify suspicious behaviour.
- Investigated phishing attempts, malware detections, brute-force attacks and abnormal authentication activity.
- Used CrowdStrike / Microsoft Defender for Endpoint to verify detections, isolate endpoints and collect forensic data.
- Performed IOC enrichment using VirusTotal, ANY.RUN, Talos, AbuseIPDB and other TI sources.
- Worked on the Microsoft O365 email gateway and was responsible for analysis of phishing and spam emails.
- Used Nessus for vulnerability assessment, which included assessing the vulnerability status, escalating it to the vulnerability management team and ensuring proper patch management.
- Upon containing hosts in high-severity incidents, I have also requested incident response (IR) team involvement to take responsive actions.
- Contributed to SOC playbook improvements and documented repeatable investigation workflows.
- Participated in structured threat hunting activities to proactively identify anomalies and potential threats.
- Performed Root Cause Analysis (RCA) and handled incidents appropriately as per the defined incident management framework.
- Designed, tuned and maintained SIEM detection rules, dashboards and visualizations to enhance threat detection accuracy and reduce false positives.
- Monitored and investigated DLP alerts across email, endpoint, web and cloud channels to identify potential data exfiltration.
- Basic scripting in PowerShell and Python.
- Worked on ServiceNow, closing tickets as per SLA, and followed up on incidents until closure.
- Contacted customers directly in the case of high-priority incidents and helped them in the process of mitigating the attacks.
- Created daily, weekly and monthly reports summarizing security incidents, alerts and response actions for stakeholders.

Education

Bachelor of Technology, Kakatiya Institute of Technology and Science

Afghanistan


Profile Overview

Member since Feb 2026
