
Raj Kumar

Security Professional

Hyderabad, India
Profile Score: 65

About

Security professional with 3+ years of experience in endpoint security, cloud security, SIEM, and SOC operations. Proven expertise in threat monitoring, malware analysis, incident response, and vulnerability management, with a strong focus on delivering innovative security solutions while ensuring industry compliance.

Skills & Expertise (10)

Skill                     Level     Score   Years Exp  Proficiency  Experience  Recency  Demand
MS Defender 365           Advanced  8.6/10  3          7            6           10       9
Splunk                    Advanced  8.5/10  4          7            7           10       8
Azure Sentinel            Advanced  8.5/10  3          7            6           10       9
Office 365                Advanced  8.5/10  4          7            7           10       8
Threat Monitoring         Advanced  8.5/10  4          7            7           10       9
Malware Analysis          Advanced  8.5/10  4          7            7           10       9
Incident Response         Advanced  8.5/10  4          7            7           10       9
Vulnerability Management  Advanced  8.5/10  4          7            7           10       9
Problem Solving           Advanced  8.5/10  4          7            7           10       8
Communication             Advanced  8.5/10  4          7            7           10       8

Work Experience

Security Analyst

Tenpath Solutions

10-2018 - 10-2022

Experienced in conducting investigations of static analysis, dynamic analysis, and IOCs using sandbox environments. Working experience in a SOC environment with hands-on experience using the Splunk SIEM tool, which includes log analysis, fine-tuning existing correlation rules to reduce false positives, and responding to incidents. Good hands-on experience in creating virtual machines, deploying endpoint agents on them, and managing IAM roles in an AWS environment. Experienced in creating endpoint health check reports on a daily basis, troubleshooting agent-related issues, and producing compliance reports for sharing at the client level. Strong understanding of security operations and incident response processes and practices. Experience in creating Log Analytics workspaces, conditional access policies, and detection rules using Defender 365 and Azure Sentinel. Extensive experience in creating playbooks using Logic Apps and fine-tuning use cases using KQL. Good knowledge of analyzing different malicious executables and documents. Good understanding of Azure Active Directory, Azure MFA, and conditional access. Experience in providing end-to-end support to enterprise counterparts, identifying the root cause of sophisticated enterprise initiatives, and implementing endpoint security solutions, including Microsoft Defender ATP. Experience with compliance tickets and advisories for blacklisting IOCs, and with processes using Endpoint Security. Extensive experience in ticketing tools (ServiceNow, Jira). Experience in handling and deploying the Defender agents onto servers to onboard them into Defender, and troubleshooting agent connectivity issues using the MDE Client Analyzer. Creating mail flow rules and policies in the Exchange Admin Centre to block or unblock any kind of sender address, domain, and subject match.
Escalating security incidents based on the client's SLA and providing meaningful information related to security incidents by conducting in-depth analysis of events, which keeps the customer's business safe and secure. Analyzing and investigating the alerts in the SOC monitoring tool to report any abnormal behaviors, suspicious activities, traffic anomalies, etc.

Digital Engineer

Sonata Software

06-2024 - 09-2025

Hands-on experience in analyzing phishing emails and malware emails, performing soft deletes and hard deletes of malicious emails from the email cluster, and adding indicators to the tenant allow list or block list based on analysis of the IOCs. Handling spam and phishing email submissions from end-users, taking containment steps by further investigating domains and IPs to recommend proper blocking, and creating SPF, DKIM, and DMARC records for the domains to protect against spoofing. Implemented the Microsoft Sentinel SIEM solution from the ground up, including initial configuration, workspace setup, and data onboarding. Good hands-on experience in creating custom detection rules using the KQL language and fine-tuning use cases to reduce false positives in Defender 365 and Azure Sentinel. Configure and manage dashboards, notebooks, data connectors, and playbooks in Azure Sentinel. Hunt for security threats using Azure Sentinel. Good knowledge of analyzing different malicious executables and documents. Good hands-on experience in Azure Active Directory, Azure MFA, and conditional access. Experience in creating and maintaining the daily, weekly, and monthly reports of device health status by using Defender ATP. Experience in working on host isolation and advanced threat analysis using EDR, Microsoft Defender ATP, and other tools. Good knowledge and working experience in central logging, log management, and Splunk SIEM. Configured and optimized Microsoft Defender for Endpoint to enhance protection against malware, ransomware, and advanced threats. Experience in working on host isolation and advanced threat analysis using the EDR Microsoft Defender ATP. Taking the appropriate action based on advisories and IOCs, identifying threat actors using MITRE ATT&CK, and coordinating with the respective team to block the IOCs. Working in the Security Operation Centre (24x7), monitoring SOC events, and detecting and preventing intrusion attempts.
Strong knowledge and working experience of Office 365 email gateway solutions, completely owning, managing, monitoring, and administering the email security stack and policies for both on-premises and cloud environments, including Office 365 email security solutions. Experience in a 24x7 SOC environment, as part of a team or independently, analyzing alerts and log data promptly and effectively. Assess the severity and impact of potential threats to accurately prioritize alerts and incidents. Conduct in-depth analysis of security events, collaborating directly with customers to escalate and thoroughly investigate incidents. This involves understanding the scope, impact, and root cause of incidents to tailor the response effectively.

Profile Score Breakdown

Photo        0/10
Resume       10/10
Job Title    10/10
Bio          10/10
Skills       15/20
Education    0/10
Experience   15/15
Rate         0/5
Certs        0/5
Verified     5/5
Total Score  65/100

Profile Overview

Member since Jan 2026

Availability Details

Current Company

Other

Visa Status

No Visa

Relocation

Open to Relocation