About
Security Analyst with 5+ years of hands-on experience in Information Security. Skilled in utilizing Splunk SIEM for threat detection and incident response, administering Endpoint Detection and Response (EDR) tools, managing Endpoint Security, and performing detailed Phishing Email Analysis.
Skills & Expertise (39)
Work Experience
Security Analyst
Capgemini
May 2024 - Present
Expertise in using SOAR technologies such as Logic Apps, implementing playbooks, and creating automation rules using Microsoft Sentinel SOAR. Creating and fine-tuning use cases and custom detection rules using the SPL language in the Splunk portal. Experience in initiating vulnerability scans on end devices and servers for automated reports. Good hands-on experience in creating SOPs, playbooks, and runbooks using Splunk and Defender, as well as hands-on experience in creating and managing endpoint health check reports and vulnerability reports to reduce the exposure score. Experience in supporting, fine-tuning, and troubleshooting correlation searches in Splunk SIEM. Strong knowledge and working experience in Office 365 email gateway solutions; fully owning, managing, monitoring, and administering the email security stack and policies for both on-premises and cloud environments, including Office 365 email security solutions. Configured and managed Microsoft Defender for Cloud to monitor and secure hybrid cloud environments across Azure, AWS, and GCP. Good hands-on experience in creating use cases and custom detection rules in Defender and Azure Sentinel using the KQL language. Experience in creating Log Analytics workspaces, creating conditional access policies, and creating detection rules using Defender 365 and Azure Sentinel. Experienced in automating security tasks using Azure Logic Apps and Defender for Cloud alerts to streamline remediation processes. Extensive experience in conducting in-depth investigations by collecting package data and live response in the Defender portal. Good hands-on experience in managing the P1 bridge call, involving stakeholders, and creating the incident response report for critical incidents. Monitored regulatory compliance across cloud workloads using built-in compliance standards such as ISO 27001, PCI-DSS, and NIST.
Hands-on experience in analysing phishing and malware emails, performing soft deletes and hard deletes of malicious emails from the email cluster, and adding indicators to the tenant allow list or block list based on analysis of the IOCs. Experience in vulnerability assessments: evaluating and prioritising identified vulnerabilities for remediation by collaborating directly with customers.
Security Analyst
Quess Corp Limited (Client: Samsung)
Feb 2021 - May 2024
Strong experience in managing Endpoint Agents on Windows and Linux operating systems, Active Directory integrations, and Windows Event Logs. Experienced in creating and fine-tuning compliance policies and ASR rules using the Intune portal. Extensive experience in conducting in-depth investigations by collecting package data and live response in the Defender portal. Good hands-on experience in onboarding Windows Server 2016 R2 and 2019 servers using Defender XDR and CyberArk. Good hands-on experience in providing KT sessions and training, and in assigning tasks to juniors. Experience in creating PIM and PAM roles, assigning licences, and creating RBAC roles using Azure Entra ID. Experienced in creating PIM roles and managing RBAC roles using Sentinel. Monitoring, analysing, and responding to infrastructure threats, vulnerabilities, and risks. Collecting the logs of all Windows, Linux, and network devices, and analysing the logs to find suspicious activities. Taking the appropriate action based on advisories, identifying threat actors using Mitre ATT&CK, and coordinating with the respective team to block the IOCs. Implemented conditional access policies and integrated Intune with Azure Active Directory for enhanced security and user authentication. Escalating security incidents based on the client's SLA and providing meaningful information related to security incidents by conducting in-depth analyses of events, which keeps the customer's business safe and secure. Proficient in Kusto Query Language (KQL): very good at writing and optimising queries to analyse large datasets in Azure Sentinel and Microsoft Defender. Knowledge of Group Policy Objects, Active Directory security and compliance configurations, and migrating to the Intune administrator console.
Good hands-on experience in creating virtual machines, deploying endpoint agents on them, and managing IAM roles in an AWS environment. Collaborated with IT teams to design and deploy robust network security architectures, enhancing overall protection. Configuring and managing dashboards, notebooks, data connectors, and playbooks in Azure Sentinel. Hunting for security threats using Azure Sentinel. Experience in handling technical administration and troubleshooting activities related to the M365 Defender suite. Handling spam and phishing email submissions from end users, taking containment steps by further investigating domains and IPs to recommend proper blocking, and creating SPF, DKIM, and DMARC records for the domains to protect against spoofing. Experience in deploying the Defender agents onto servers to onboard them into Defender, and troubleshooting agent connectivity issues using the MDE Client Analyser.
Education
B.com Computers - Vishnu Institute of Technology
- 2021 · Afghanistan
Certifications
No certifications added yet