About
A competent professional with 2 years of experience in information security as an Associate Security Analyst in a SOC environment, working on IBM QRadar, Splunk, CrowdStrike Falcon, Microsoft O365 Defender and Abnormal Security.
Work Experience
Associate Security Analyst
UST Global Technology Services India Pvt ltd
Aug 2023 - present
Monitoring and identifying true-positive security events on the QRadar and Splunk consoles through the SOAR platform during shift hours, and taking the necessary actions on critical events. Working in incident response on alert analysis and maintaining and improving SOPs (playbooks) and processes. Providing 24x7 support and coordinating with the required teams to resolve issues. Analyzing malware alerts for indicators of compromise (IOCs), investigating and mitigating risk. Generating weekly reports from QRadar and Splunk on malicious IP addresses, host names and incidents identified by the SOC team. Analyzing and responding to user-reported spam and phishing email, and acting on fraudulent email using Microsoft O365 Defender and Abnormal Security. Monitoring the Splunk SOAR environment for security incidents such as malware, phishing, DDoS, brute-force and password-spray attacks. Meeting incident management goals and providing initial incident support within the support SLA. Working on the integration and troubleshooting of different log sources: Windows, Linux, firewalls and network devices. Worked on ransomware incidents and provided remediation steps. Detecting spam and phishing in the environment by reading email header information, taking appropriate action and notifying end users. Working on malware incidents and analysis and providing remediation steps to end users. Working with different ticketing tools such as ServiceNow, BMC Remedy and SOAR platforms. Good knowledge of IP classes and subnetting. Suggesting remediation steps to mitigate risk. Raising incidents with a proper description, impact and recommendations for the dependent teams. Filtering events by defining and applying filters at different levels of an event. Incident management and shift management. Mail monitoring and following the escalation matrix. Decision making together with the experts in the team.
Displaying event data in different layouts by defining dashboards and data monitors. Good knowledge of identifying IOCs for the latest vulnerabilities. Hands-on experience with EDR (CrowdStrike Falcon) and Microsoft O365 Defender. Good knowledge of investigating EDR detections and mitigating the threat through real-time response: removing unwanted files and running an AV scan. Analyzing phishing, malware and spam related activity and notifying users. Performing threat hunting based on incidents identified in the SIEM and Defender. Good knowledge of the Azure platform for analyzing user sign-in and audit logs.
Education
B.Tech in Civil Engineering
2011 - 2015 · India
Intermediate
2009 - 2011 · India
SSC
2008 - 2009 · India
Availability Details
Visa Status
Citizen
Relocation
Open to Relocation