Sahana Golkonda

Security Analyst

Bengaluru, KA
Profile Score: 79

About

Around 4+ years of hands-on experience in security operations, incident response, endpoint security, phishing analysis, threat intelligence, and network security. Good understanding of the log formats of various devices such as Websense, vulnerability management products, IDS/IPS, EDR, firewalls, WAF, proxy, routers, switches, OS, DB servers, and antivirus. Experience in information security with emphasis on security operations, log monitoring, log management, incident management, and security event analysis through the Sentinel and Splunk SIEMs.

Skills & Expertise (14)

SIEM: Splunk, QRadar, MS Sentinel (Advanced, 8.4/10, 4 years exp)
Cloud: Azure, Defender for Cloud (Advanced, 8.2/10, 4 years exp)
EDR/XDR: CrowdStrike, Defender, Check Point (Advanced, 8.0/10, 4 years exp)
Vulnerability Assessment: QualysGuard, Nessus (Advanced, 7.8/10, 4 years exp)
Query Language (KQL) (Advanced, 7.8/10, 4 years exp)
Email Gateway: Microsoft O365 (Advanced, 7.7/10, 4 years exp)
Malware Analysis: Joe Sandbox, Any.run, Browserling (Advanced, 7.5/10, 4 years exp)
IDS/IPS: Cisco Firepower, Palo Alto (Advanced, 7.5/10, 4 years exp)
Packet Analyzer: Wireshark, tcpdump (Advanced, 7.5/10, 4 years exp)
SOAR: FortiSOAR (Advanced, 7.5/10, 4 years exp)
Phishing Campaign: KnowBe4 (Advanced, 7.2/10, 4 years exp)
ITSM: ServiceNow, Jira, FortiSOAR (Intermediate, 7.0/10, 4 years exp)
Data Loss Prevention: Symantec DLP (Advanced, 7.0/10, 4 years exp)
OSINT Tools: MxToolbox, AbuseIPDB, VT, URLVoid, Any.run, CyberChef, Sysinternals, PEStudio, Browserling (Intermediate, 7.0/10, 4 years exp)

Work Experience

Security Analyst

Toyota Kirloskar Motor Pvt Limited

Jun 2024 - Aug 2025

Working in a 24/7 Security Operations Centre, monitoring SOC events, and detecting and preventing intrusion attempts. Real-time monitoring of network security devices such as IPS, firewall, DLP, endpoint security, operating systems, email security, servers, VPN, etc. Performing in-depth analysis to identify the root cause of incidents and performing malware analysis to identify the behavior of files. Analyzing phishing emails reported by employees to the SOC team and identifying whether the reported email is phishing, spam, or legitimate. Performing phishing campaigns and educating employees. Creating reports in QRadar and Sentinel. Performing vulnerability assessments and coordinating with the patching team and business units to remediate the vulnerabilities. Using AV and other analysis tools to perform malware analysis and suggesting complete removal of malware from the client's environment. Performing daily health checks of the SIEM solution to make sure all log sources are reporting logs into the SIEM platform. Differentiating false positives from true intrusion attempts and helping remediate or prevent them. Supporting escalations and working closely with business units as required. Providing tuning and filtering recommendations to engineering teams. Supporting requests for data from the business units and other teams, and analyzing daily, weekly, and monthly reports. Taking appropriate action based on advisory IOCs, identifying threat actors using MITRE ATT&CK, etc., and coordinating with the respective team to block the IOCs.

Executive

Micro Labs Private Limited

Jan 2021 - May 2024

Working in a 24/7 Security Operations Centre, monitoring SOC events, and detecting and preventing intrusion attempts. Worked for MNC clients, interacting directly with customers, presenting SOC status reports, and completing action items according to client requests. Analyzing phishing emails reported by employees to the SOC team and identifying whether the reported email is phishing, spam, or legitimate. Performing phishing campaigns and educating employees. I have a strong understanding of analyzing cloud logs that come from CloudTrail and VPC flow logs. Performing vulnerability assessments and coordinating with the patching team to remediate the vulnerabilities. Supporting escalations and working closely with stakeholders as required. Supporting requests for data from the customer and other teams, and analyzing daily, weekly, and monthly reports. Analyzing and investigating alerts in the SOC monitoring tool to report any abnormal behavior, suspicious activity, traffic anomalies, etc. Differentiating false positives from true intrusion attempts and helping remediate or prevent cyber-attacks.

Education

MBA - JSS Center of Management Studies

- 2017 · Afghanistan

Bachelor of Commerce - BS Channabassapa First Grade College

- · Afghanistan

Profile Score Breakdown

📷 Photo 10/10
📄 Resume 10/10
💼 Job Title 10/10
✍️ Bio 10/10
🛠️ Skills 19/20
🎓 Education 10/10
⏱️ Experience 5/15
💰 Rate 0/5
🏆 Certs 0/5
Verified 5/5
Total Score 79/100

Profile Overview

Member since Feb 2026

Availability Details

Visa Status

CPT

Relocation

Open to Relocation
