About
Security Analyst with 3+ years of progressive experience in cybersecurity. Skilled in evaluating business systems to identify risks and compliance challenges, with a strong ability to develop sustainable security solutions that enhance protection and resilience.
Work Experience
Security Analyst
Deloitte
Jul 2022 - Present
- Experienced SOC analyst in Microsoft Defender ATP, CrowdStrike Falcon, O365, Splunk SIEM, and QRadar.
- Experience in a 24/7 SOC environment, as part of a team or independently, analyzing alerts and log data promptly and effectively.
- Assess the severity and impact of potential threats to accurately prioritize alerts and incidents.
- Configure and manage dashboards, notebooks, data connectors, and playbooks in Azure Sentinel; hunt security threats using Azure Sentinel.
- Perform technical investigations on issues, conduct root cause analysis, recommend solutions, and mitigate the effects caused by an issue with CrowdStrike EDR.
- Experienced in creating conditional access policies and fine-tuning the ASR rules in Defender 365 and in Intune.
- Monitor and analyze security information and event management (SIEM) tools and other security monitoring systems to identify potential security incidents and anomalies.
- Execute swift containment and remediation measures for identified security incidents, employing predefined response strategies to isolate affected systems and prevent further compromise.
- Strong knowledge of cloud security concepts and technologies, such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP), and of managing a multi-tenant hybrid cloud.
- Experience in data analytics, advanced data analytics, visualization, advanced visualization, dashboard customization, and advanced dashboard customization in Splunk.
- Created a cloud playbook that helped the monitoring team members work on the alerts and escalate the true positives.
- Participate in hunt missions using threat intelligence, analysis of anomalous log data, and the results of brainstorming sessions to detect and eradicate threat actors.
- Experience with system security concepts, tools, implementation, DLP, CASB, and integration with various data sources and application stacks.
- Splunk SIEM monitoring includes license monitoring, indexer storage volume monitoring, Splunk application daily health-check monitoring, and event and incident monitoring.
- Good understanding of Azure Active Directory, Azure MFA, and conditional access.
- Monitor the Symantec Endpoint Monitoring console for regular health check-ups of systems.
- Hands-on experience in the installation, configuration, and management of Microsoft Exchange Server 2016 and above.
- Performed folder exclusion policies, other device-based policies, and tags in Defender for Endpoint.
- Experience in adding and deploying a client onboarding configuration file; Configuration Manager can monitor deployment status and Microsoft Defender ATP agent health.
- Working on an email fraud defense console to secure the environment from hackers and fraudsters.
- Conduct in-depth analysis of security events, collaborating directly with customers to escalate and thoroughly investigate incidents. This involves understanding the scope, impact, and root cause of incidents to tailor the response effectively.
- Proactively participate in the creation and enhancement of processes and procedures, such as Security Playbooks.
Education
B.Tech in C.S.E. - Vishnu Institute of Technology - 2022 · Afghanistan