About
Security Operations Analyst with 3+ years of experience. I am responsible for monitoring and triaging security-relevant alerts and reports from the company's systems. The Security Operations Analyst is also responsible for the implementation of the policies and configurations that result in those alerts and reports from the company's systems, including systems that are not security-specific, such as business applications. Additionally, the Security Operations Analyst is responsible for maintaining the dashboards and collecting the metrics that comprise those dashboards. Finally, the Security Operations Analyst works directly with the SOC analysts, the MSSP analysts, the Security Engineers, and other teams within the business to ensure the confidentiality, availability, and integrity of our information and information assets.

Cybersecurity Specialist with proficiency in online security research, planning, execution, and maintenance. Skilled at training internal users on security procedures and preventive measures.
Skills & Expertise (62)
Work Experience
IT Security Analyst
RingCentral
Jun 2022 - Present
4.1 years of working experience as a security analyst, including experience working with global teams across multiple time zones, cultures, and languages. Track and respond to all incoming alerts from the SOC, the MSSPs, and the systems monitored directly by the Security Operations team. Perform tier 2 triage of all escalations from the SOC and MSSPs, tier 1 triage of all alerts that are directly monitored, and work with Security Engineering on all escalations beyond the Security Operations team. Monitor multiple security alert sources, eliminate false positives from the Symantec SIEM, triage significant security events based on the impact and nature of the incident, and escalate according to the established procedures. Review automated daily security events, identify anomalies, escalate critical security events to the appropriate IT team, and follow up as required. Investigate the root cause of incidents from different logs. Monitor the log-delay alarms of security devices to keep the devices in a healthy state.

SIEM platforms: Splunk, etc. EDR: CrowdStrike. Good understanding of the MITRE ATT&CK framework, threat hunting, incident detection and response, use-case engineering, designing and implementing IR playbooks, and curating threat intelligence. Analyze event and alert patterns to properly interpret and prioritize threats with the available DLP tools and other devices. Identify trends and derive requirements aimed at improving and enhancing existing data loss prevention and detection policies.

Dashboards, reporting, and KPIs: perform routine (daily, weekly, monthly, quarterly, and yearly) reporting on our security events, trends, and system hygiene and posture, such as for our IaaS environments and critical SaaS environments. Build the system and configuration components needed to capture the metrics by which security hygiene, monitoring and alerting health, and security program effectiveness are measured. Track our KPI elements over time so that KPI trends can be determined and used as feedback to the security program design. Carry out log monitoring and incident analysis for various devices such as firewalls, IDS/IPS, databases, web servers, network devices, authentication devices, endpoints, email gateways, and other cloud-hosted devices to make sure all company assets are free from external attacks. Create, modify, and tune SIEM rules to adjust the specifications of alerts and incidents.
Education
Bachelor of Engineering - Tontadarya College of Engineering
- 2022 · Afghanistan
Availability Details
Visa Status: Need Sponsorship
Relocation: Depends on Offer