About
Around 5 Years of hands-on Experience in Security Operations. Incident Response, Endpoint Security, Phishing analysis, Threat Intelligence, Network Security.
Skills & Expertise (54)
Work Experience
Security Analyst - SOC
Capgemini Technology Services India Limited
Mar 2021 - Present
Working in Security Operation Centre (24/7), monitoring of SOC events, Detecting and Preventing the Intrusion attempts. Monitor and triage alerts from SIEM platforms (Splunk, Sentinel, Elastic/ELK) by correlating data across endpoint (CrowdStrike, Defender), network, cloud (Zscaler, AWS, Azure), and email security tools. Worked for MNC clients, interacting directly with the customers, presenting SOC status reports and completing the action items according to client request. Real time monitoring of Network Security devices such IPS, Firewall, DLP, Endpoint Security, Operating system, and Email security, servers, VPN etc. Correlate logs from Zscaler Internet Access / ZPA to detect cloud-based threats. Performing the in-depth analysis to identify root cause of the incidents and performing malware analysis to identify behavior of the files. Analyzing the phishing emails which are reported by the employees to the SOC team and identifying whether the reported email is a phishing or spam or legitimate. Performing the phishing campaign and educating the employees. Having experienced in working FortiSOAR for SOAR playbook creation and monitoring alerts. Stay updated on latest CVEs, TTPs, and MITRE ATT&CK techniques to strengthen detection strategies. I have a strong understanding of analyzing the cloud logs which comes from Cloudwatch, Cloudtrial, VPC flows logs. Development of Reports and Dashboards in Splunk & Sentinel. Performing the vulnerability assessment and coordinating with patching team to remediate the vulnerabilities. I had performed auditing on firewalls to identify the security configuration issues and vulnerabilities using nipper. Using AV and other analysis tools to perform Malware Analysis and complete removal of malware from client's environment. Performing daily health checkup of the SIEM solution to make sure all the log sources are reporting the logs into the SIEM platform. Differentiate the false positives from true intrusion attempts and help remediate / prevent. Support escalation and work closely with stakeholders as required. Document all actions taken during incident investigations and creating the incident report and share to the stake holders. Provide tuning and filtering recommendations to engineering teams. Support requests for data by the customer and other teams analyzing daily, weekly and monthly reports. Taking the appropriate action based on advisories ioc's, identifying threat actor using Mitre ATTACK, etc and coordinating with respective team to block the ioc's. Hunting for the iocs which are provided advisories and identify if there is any suspicious communication attempts. Developing the standard operation procedures based on NIST incident response life cycle. Analyze and investigate the alerts in SOC monitoring tool to report any abnormal behaviors, suspicious activities, traffic anomalies etc. Conduct analysis of network traffic and host activity across wide array of technologies and platforms. Assist in incident response activities such as host triage and retrieval, malware analysis, remote system analysis, end-user interviews, and remediation efforts. Recognize cyber-attacks based on their signatures. Differentiate false positives from true intrusion attempts and help remediate/prevent cyber-attacks. Analyze malicious campaigns and evaluate effectiveness of security technologies. Worked closely with RedTeam during Purple teaming activities to identify the effectiveness of threat simulation. Monitor, investigate, and respond to security events and incidents in the Azure cloud environment, including networking, applications, and data storage.
Education
Bachelor of Engineering - Ballari Institute of Technology And Management
- 2018 · Afghanistan