Subhash K

Security Engineer

Hyderabad

About

Security Engineer with around 6 years of expertise at Cognizant in incident response and forensics. Skilled at leading investigations, mitigating threats, and securing systems against attacks. Proven ability to collaborate with executives to develop and implement effective security strategies.

Skills & Expertise (33)

Splunk (Expert): 9.0/10, 5 years experience
Microsoft Defender ATP (Advanced): 8.7/10, 4 years experience
Azure Sentinel (Advanced): 8.1/10, 3 years experience

Other skills: Vulnerability Management, Enterprise Anti-Virus, Sandboxing, KQL, Azure Active Directory, Azure MFA, Conditional Access, Symantec Endpoint Monitoring, Proxy, M365 Defender suite, Email Security, OWASP, Application Security, Mobile Security, SOC Environment, Web Application Firewall, CrowdStrike, Data Loss Prevention, IPS, IDS, SIEM, Endpoint Security, MS Intune, MCAS, MS Purview, Rapid7, Jira, ServiceNow, Office 365, MS Defender

Work Experience

Security Engineer

Cognizant

May 2023 - Present

Good knowledge and working experience of central logging, log management, and Splunk SIEM architecture. Experience in writing correlation rules and monitoring Enterprise Security applications. Provides regular monitoring, triage, and incident response to automated security alerts using security tools (SIEM such as Splunk and Azure Sentinel, EDR, antivirus, and email security). Experience in analyzing advanced system-based threats using the EDR Defender for Endpoint. Experience in AIR (Automated Investigation and Remediation) policies and their implementation. Expertise in building use cases around the NIST and MITRE ATT&CK frameworks to enable detection at various stages of a cyber-attack. In-depth understanding of the latest techniques used by attackers for persistence, privilege escalation, defense evasion, and lateral movement. Experienced in examining suspicious emails for malicious content and providing recommendations on remediation actions using Office 365. Experience in creating, tracking, and responding to support cases raised with Defender ATP Support. Responding to in-house queries and guiding users on threat remediation strategies and security best practices. Performed root cause analysis for incidents reported at the security operations center. Managed the Splunk SIEM and created new alerts for security use cases. Integrated log sources into the SIEM solution. Experience in creating runbooks, SOPs, and documentation supporting Security Operations. Experience in monitoring, responding to, and analyzing trends in workstation/server security-related events. Performed daily, weekly, and monthly scheduled tasks for MS Defender ATP. Experienced in handling true-positive incidents, remediating them in a timely manner, and preparing Incident Response (IR) reports. Experienced in migrating agents and tools from McAfee ePO to Defender ATP. Prepared endpoint compliance reports and initiated remediation activities wherever required.
Experience in adding and deploying a client onboarding configuration file so that Configuration Manager can monitor deployment status and Microsoft Defender ATP agent health. Strong experience in managing endpoint agents on Windows and Linux operating systems, Active Directory integrations, and Windows Event Logs. Experience in host isolation and advanced threat analysis using the EDR MS Defender ATP. Experienced in creating Log Analytics rules based on client requirements by querying different data tables with KQL. Experienced in creating automation rules for closing incidents and alerts and reducing false positives.

Security Analyst

Coromandel International Ltd

Jun 2022 - May 2023

Knowledge of a breadth of security technologies and topics such as Security Information and Event Management (SIEM), IDS/IPS, Data Loss Prevention (DLP), proxy, Web Application Firewall (WAF), enterprise anti-virus, sandboxing, and network- and host-based firewalls. Expert in installing and using Splunk apps and add-ons. Experience in providing end-to-end support to enterprise counterparts and identifying the root cause of issues in sophisticated enterprise initiatives with the endpoint security solution Microsoft Defender ATP. Hands-on experience in analyzing device timeline logs and pulling reports using advanced hunting in KQL. Monitored, responded to, and analyzed trends in workstation/server security-related events. Performed daily, weekly, and monthly scheduled tasks for Defender ATP. Knowledge of email security threats and security controls, including experience analyzing email headers. Experience in adding and deploying a client onboarding configuration file so that Configuration Manager can monitor deployment status and Microsoft Defender ATP agent health. Good understanding of Azure Active Directory, Azure MFA, and Conditional Access. Experienced in examining suspicious emails for malicious content and providing recommendations on remediation actions using Office 365. Analyzed phishing emails reported by users to identify the type of attack and take immediate remediation. Monitored the Symantec Endpoint Monitoring console for regular system health checks. Splunk SIEM monitoring, including license monitoring, indexer storage volume monitoring, daily Splunk application health-check monitoring, and event and incident monitoring. Prepared and delivered reports and metrics on vulnerability assessment outcomes, remediation progress, and the overall vulnerability landscape to senior management and other relevant stakeholders. Managed reporting of the AV migration and compliance reports.
Contributed to risk assessments and aided in the identification of potential security risks and threats. Worked on endpoint (desktops, servers) security with emphasis on antivirus technology to secure the organization's endpoint assets. Experience in writing correlation rules and monitoring Enterprise Security applications. Experience with the Rapid7 vulnerability management tool for vulnerability scanning and reporting. Experience in handling technical administration and troubleshooting activities related to the M365 Defender suite. Strong knowledge of and working experience with Office 365 email gateway solutions; completely owned, managed, monitored, and administered the email security stack and policies for both on-premises and cloud environments, including Office 365 email security solutions.

Security Analyst

Adama India Pvt Ltd

Apr 2018 - Nov 2019

Hands-on experience (L2 level) in support, implementation, configuration, and management of EDR/AV solutions (such as CrowdStrike and Symantec AV). Conducted investigations on infrastructure through forensic analysis to identify Indicators of Compromise (IoCs). Utilized network traffic analysis tools and packet capture techniques to identify and investigate network-based threats and suspicious activities. Experience in application security and mobile security, including OWASP technologies, vulnerability research, and mitigation. Contributed to risk assessments and aided in the identification of potential security risks and threats. Prepared and delivered reports and metrics on vulnerability assessment outcomes, remediation progress, and the overall vulnerability landscape to senior management and other relevant stakeholders. Analyzed phishing emails reported by users to identify the type of attack and take immediate remediation. In-depth understanding of the latest techniques used by attackers for persistence, privilege escalation, defense evasion, and lateral movement. Configured and managed dashboards, notebooks, data connectors, and playbooks in Azure Sentinel; hunted security threats using Azure Sentinel. Experience in a 24x7 SOC environment, as part of a team or independently, analysing alerts and log data promptly and effectively. Assessed the severity and impact of potential threats to accurately prioritise alerts and incidents. Experience in handling and deploying Defender agents onto servers to onboard them into Defender, and troubleshooting agent connectivity issues using the MDE Client Analyser. Executed swift containment and remediation measures for identified security incidents, employing predefined response strategies to isolate affected systems and prevent further compromise.

Education

Master of Business Administration - Sheffield Hallam University

- 2017 · Afghanistan

Certifications

No certifications added yet


Profile Overview

Member since Apr 2026