About
Cybersecurity Analyst (CSOC) with 3 years of experience in endpoint security, SIEM management and analysis (IBM QRadar), threat detection, incident response, malware detection, phishing analysis, email security and cloud security. Capable of handling EDR (CrowdStrike Falcon), UEBA (GRA) and cloud security (Prisma, Azure, CASB). With a deep curiosity for understanding threats and a strong desire to investigate their root causes through independent research, I aim to proactively neutralize threats while contributing to organizational goals.
Skills & Expertise (21)
Work Experience
CSOC Analyst
Tata Consultancy Services
Jun 2023 - Present
- Proficient in handling incident management, triage and leading SOC operations using Palo Alto XSOAR (Demisto), closing tickets within 4 days while maintaining a 98% response SLA and following playbook automation.
- Contributed to fine-tuning, whitelisting and enhancing detection accuracy by 50%.
- Monitored and analyzed SIEM alerts (IBM QRadar) for real-time threat detection, incident triage, and mitigation of security incidents through actions such as blocking malicious IPs and domains on firewalls and WAF.
- Investigated endpoint security alerts using CrowdStrike Falcon to detect and respond to advanced threats based on the alert's T&T using the MITRE ATT&CK framework, and performed root cause analysis.
- Mitigated threats by containing hosts and applying eradication measures to limit security breaches; also worked on whitelisting and blacklisting of 4 applications and hashes to enhance endpoint security.
- Interpreted UEBA alerts generated by the GRA tool to investigate unusual user behavior, helping detect potential insider threats and account compromises.
- Investigated phishing emails using IronPort, FireEye and sandboxing tools to detect malicious payloads, and recommended remediation with detailed reporting, resulting in a 50% reduction in phishing attempts.
- Investigated possible domain impersonation and typo-squatting based on intel received from the threat intelligence platform Recorded Future.
- Used Microsoft Azure to monitor user sign-ins, analyze risky user logs and check for leaked credentials to identify and respond to potential account compromise incidents within 5-10 minutes.
- Documented and delivered knowledge sharing sessions to team members, improving incident handling efficiency by 30%.
- Managed and operated the shift and reported updates to the SOC Manager to ensure 24/7 coverage.
- Researched new and evolving threats and vulnerabilities with potential to impact the organization's environment.
Education
Bachelor of Technology, Mechanical Engineering - JNTUHUCEJ
2018 - 2022 · Afghanistan
Higher Secondary in PCM - SR Junior College
2016 - 2018 · Afghanistan