About
Results-driven Security Analyst with 3.5+ Years of hands-on experience in 24x7 SOC operations, SIEM monitoring, incident response, and endpoint security at Genpact India. Proficient in IBM QRadar, Splunk, Azure Sentinel, and Microsoft Defender for Endpoint for alert triage, log correlation, and threat validation. Skilled in phishing analysis, malware investigation, vulnerability alert validation, and multi-source log analysis. Strong working knowledge of MITRE ATT&CK, false positive reduction, and SOC runbook execution. Committed to SLA compliance and high-quality incident documentation.
Skills & Expertise (37)
Work Experience
Security Analyst
Genpact India Pvt. Ltd.
Jul 2024 - Present
Performed 24x7 real-time security monitoring and alert analysis using SIEM platforms (IBM QRadar, Splunk, Azure Sentinel) across enterprise environments.
Conducted L1 and L2 alert triage based on severity, impact, asset criticality, and threat context to classify and prioritize security incidents.
Investigated Microsoft Defender for Endpoint alerts using device timeline — validated malware detections, suspicious processes, and behavioral anomalies.
Performed phishing incident investigations covering header analysis, URL checks, and attachment validation to assess email-borne threats.
Correlated logs from multiple sources — Windows Event Logs, firewall logs, endpoint telemetry — to build incident timelines and attack context.
Created and managed incident tickets in ServiceNow and Jira; ensured SLA compliance for all assigned cases.
Mapped security incidents to MITRE ATT&CK techniques to improve detection accuracy and escalation quality.
Generated daily and weekly SOC reports; participated in shift handovers and post-incident review discussions.
Investigated suspicious Azure AD / Entra ID login activities including risky sign-ins, impossible travel alerts, and MFA bypass attempts to detect identity-based threats.
Performed endpoint investigation and host isolation actions using Microsoft Defender for Endpoint to contain active security incidents and prevent lateral movement.
Conducted threat hunting activities using KQL queries in Azure Sentinel to proactively identify hidden threats and anomalous behaviors within the environment.
Analyzed network traffic and firewall logs from Palo Alto and Zscaler to detect unauthorized outbound connections, suspicious traffic patterns, and policy violations.
Performed malware triage and sandbox analysis using Any.Run to assess threat behavior, identify IOCs, and determine incident impact scope.
Validated vulnerability scan findings from Tenable/Nessus and assisted in remediation prioritization based on exploitability and asset criticality.
Coordinated with endpoint, network, and infrastructure teams for containment and remediation actions following confirmed security incidents.
Monitored email security platforms (Proofpoint, Mimecast) to detect phishing campaigns, BEC attempts, and malware distribution — conducted detailed email header and payload analysis.
Differentiated false positives from true security incidents using technical validation; escalated confirmed incidents with detailed analysis, logs, and supporting artifacts to L3 teams.
Maintained detailed investigation notes and incident documentation aligned with audit, compliance, and SLA requirements.
Monitored and analyzed security events from multiple log sources, including firewalls, EDR solutions, Windows servers, cloud environments, and network devices, to identify and respond to potential threats.
Investigated and responded to phishing, malware, unauthorized access, and policy violation incidents, ensuring timely containment, eradication, and recovery actions.
Monitored cloud security alerts and audit logs from AWS environments, supporting threat detection and security operations activities.
Security Analyst
Wipro
Nov 2022 - Jul 2024
Monitored and investigated security alerts generated from QRadar, Azure Sentinel, and Splunk; analyzed correlated offenses to determine incident validity.
Analyzed authentication anomalies, suspicious login attempts, and privilege misuse alerts to detect unauthorized access and account compromise.
Performed IOC enrichment and validation using VirusTotal, AbuseIPDB, Cisco Talos, and OSINT tools to verify malicious indicators.
Differentiated false positives from true security incidents using technical validation; escalated confirmed incidents with detailed analysis and supporting artifacts.
Executed incident response lifecycle steps — detection, validation, containment, eradication, recovery — per SOC playbooks.
Supported IOC blocking and containment actions as per SOC runbooks and standard operating procedures.
Reviewed vulnerability alerts from Tenable/Nessus and validated exposure findings with supporting security logs.
Monitored email security systems (Proofpoint, Mimecast) to detect phishing and email-borne threats.
Assisted in SIEM rule tuning — flagged low-value alerts to improve detection fidelity and reduce alert noise.
Maintained detailed investigation notes and incident documentation for audit and compliance.
Analyzed AWS service logs (CloudTrail, VPC Flow Logs, GuardDuty) to detect anomalies, unauthorized access, and cloud-based security incidents.
Performed forensic analysis on compromised endpoints — collected evidence from network logs, process activity, and event records to support deeper investigations.
Conducted security console and log source health checks to identify log ingestion gaps and ensure complete SIEM visibility across all monitored environments.
Participated in shift handovers, incident review discussions, and SOC performance reporting to ensure continuity and track detection improvement metrics.
Collaborated with L2/L3 analysts on complex escalations — provided detailed triage notes, timeline reconstruction, and supporting evidence to accelerate resolution.
Supported onboarding of new log sources into SIEM platforms, ensuring accurate logging, monitoring, and alerting across servers, endpoints, and cloud services.
Education
B.Tech — Computer Science Engineering - Lovely Professional University, Jalandhar, Punjab
2018 - 2022 · Afghanistan
Intermediate (MPC) - Narayana Junior College, Pidathapolur
2016 - 2018 · Afghanistan
SSC (10th Grade) - Vivekananda High School, Nellore
- 2016 · Afghanistan
Certifications
No certifications added yet