K Sanjay

Security Analyst

BNP Paribas

07-2021 - Present

Hands-on experience monitoring SIEM solutions and various SOC tools including IDS/IPS, behavioral analytics, log management systems, and security analytics platforms to detect and triage security events. Acknowledged, documented, and updated security alerts in internal ticketing systems, maintained event processing documentation, and escalated incidents to relevant teams when required. Orchestrated real-time threat detection and incident response using Azure Sentinel and Splunk; developed custom dashboards and fine-tuned KQL queries to enhance SOC visibility and reduce dwell time. Managing quarantines and exclusions with CrowdStrike EDR. Implemented and configured Crowdstrike Falcon EDR platform to monitor and protect endpoints across the organization's network infrastructure. Developed custom detection rules and policies within Crowdstrike Falcon to enhance threat detection capabilities tailored to the organization's specific environment and security requirements. Streamlined incident response by automating triage and escalation workflows via Logic Apps Playbooks, significantly improving response consistency and speed. Investigated and triaged data loss prevention (DLP) alerts across endpoints, cloud platforms, and email systems using Microsoft Purview; performed root cause analysis and incident escalation following standardized procedures. Collaborated with GRC and CISO stakeholders to design, implement, and maintain DLP policies, ensuring compliance with data protection standards across hybrid environments. Executed proactive threat hunting by analyzing behavioral indicators and correlating telemetry with MITRE ATT&CK; identified detection gaps and proposed analytic improvements. Addressed advanced endpoint threats using Microsoft Defender XDR, MDE, and EDR tools; conducted forensic analysis and evaluated impact to inform remediation strategy. Responded to phishing campaigns, business email compromise (BEC), and spoofing incidents using Microsoft Defender for Office 365 and Abnormal Security; adjusted detection rules to boost signal fidelity and reduce alert noise. Oversaw vulnerability management efforts using Qualys, Nessus, CrowdStrike, and Microsoft Defender; prioritized remediation efforts based on exploitability, CVSS scores, and business risk. Hands-on experience monitoring threat intelligence feeds to correlate real-time exploit activity with known vulnerabilities and assess risk exposure across the environment. Ensured comprehensive vulnerability and asset coverage by maintaining up-to-date inventories and enforcing scanning schedules across on-prem and cloud assets. Enforced Zero Trust principles through robust identity governance using Azure Entra ID; managed RBAC, MFA, and Conditional Access policies to restrict unauthorized access. Administered enterprise security infrastructure including Netskope CASB, Akamai WAF, and Fortinet Firewalls; conducted traffic analysis and blocked malicious activity at network ingress and egress points. Developed and maintained detailed SOPs, escalation guides, and playbooks; led SOC training sessions to improve analyst proficiency in detection and incident handling. Mentored junior analysts on vulnerability scanning techniques, alert investigation, and secure operational procedures; fostered knowledge sharing and process improvement. Supported security compliance and audit readiness for frameworks including ISO and PCI; produced documentation and evidence to meet regulatory requirements. Championed continuous improvement by refining detection content, optimizing tool configurations, and collaborating with cross-functional teams to enhance SOC maturity.