About
Security Analyst with 1+ years of experience in SIEM, EDR, incident response, and threat analysis across cloud and on-prem environments.
Work Experience
Security Analyst
Movate Technologies
Dec 2024 - Present
- Conducted advanced threat hunting in CrowdStrike Falcon EDR, detecting suspicious processes and lateral movement attempts.
- Analyzed phishing campaigns using Proofpoint and Sentinel logs, successfully blocking malicious domains and senders.
- Monitored and analysed real-time security events using Microsoft Sentinel.
- Performed log analysis through the SIEM and analysed crucial alerts on an immediate basis.
- Monitored alerts triggered by Sentinel, analysed the associated logs, took the necessary action on each alert, and remediated it within the Service Level Agreement (SLA).
- Efficiently created and managed tickets using industry-standard ticketing tools to track incident resolution progress.
- Investigated phishing, spam, and malicious email incidents and documented findings.
- Performed deep-dive threat analysis on URLs, hashes, and IPs using VirusTotal, Any.Run, and Hybrid Analysis.
- Created, optimized, and fine-tuned KQL queries for custom alert rules in Microsoft Sentinel.
- Created and fine-tuned detection rules and use cases in the SIEM for better alert accuracy.
- Handled incident response processes from detection to closure, reducing MTTR.
- Raised and managed incidents via ServiceNow and Jira ticketing systems.
- Coordinated with IT teams on patching schedules and vulnerability resolution.
- Maintained asset inventory, tagging, and agent coverage tracking across cloud infrastructure.
- Reviewed firewall, proxy, and DNS logs for abnormal patterns and threat indicators.
- Supported compliance initiatives (NIST) by providing security evidence and audit logs.
- Developed SOPs and playbooks to streamline investigation and escalation workflows.
- Quarantined infected machines and initiated root cause analysis.
- Responded to behavioural detections such as credential dumping.
- Generated detailed incident reports for high-priority endpoint threats.
- Handled L1/L2 incident response workflows for malware, phishing, and unauthorized access.
- Performed RCA (Root Cause Analysis) and documented lessons learned post-incident.
- Worked with Splunk Phantom to build automated playbooks for phishing response.
- Integrated ServiceNow with the SIEM for automated ticket creation and closure (Directional).
- Conducted audit logging and agent coverage reviews for cloud.
- Created remediation dashboards for asset owners to track patch status.
- Ensured agent health status and proper coverage for vulnerability scans.
- Delivered incident metrics (alert volume, response time, resolution rate) to stakeholders.
- Maintained Confluence documentation for process flows and SOPs.
- Worked with cross-functional teams during incident response and patch cycles.
- Mapped alerts to MITRE ATT&CK to ensure adversary technique coverage.
- Presented security awareness sessions on phishing and social engineering.
- Prepared daily, weekly, and monthly reports for clients.
- Monitored security alerts and targeted phishing sites 24x7 using the SIEM tool, with the help of technologies such as the abuse mailbox and similar-sounding domain detection.
- Conducted knowledge-sharing sessions within the SOC team.