About
Cyber Security Engineer with 4 years of hands-on experience across Security Operations, Cloud Security, Email Threat Protection, and Incident Response in enterprise environments. Proven expertise in threat detection, investigation, and remediation using the Microsoft security ecosystem and leading third-party security tools. Highly skilled in SIEM, SOAR, EDR, Identity Security, and Vulnerability Management, with operations aligned to the MITRE ATT&CK framework. Demonstrated ability to enhance security posture through automation, detection tuning, and proactive threat hunting, while effectively mentoring junior analysts and supporting SOC maturity initiatives.
Skills & Expertise (26)
Work Experience
Cyber Security Engineer
Sourcemash Technologies Pvt. Ltd
Apr 2022 - Present
Experienced in-depth analysis of phishing, spam, and malware emails using Microsoft Office 365 security tools, Defender, and Proofpoint, enabling rapid detection and containment of email-based threats. Investigated indicators of compromise (IOCs) and proactively managed tenant allow/block lists to prevent recurring and emerging threats. Implemented and maintained SPF, DKIM, and DMARC configurations to mitigate email spoofing and domain impersonation attacks. Conducted endpoint threat investigations leveraging EDR capabilities, including host isolation, malware containment, and sensor policy optimization. Developed and tuned KQL-based analytics and detection rules within Microsoft Azure Sentinel to improve threat visibility and reduce false positives. Built SOAR automation workflows using Microsoft Logic Apps, integrating enrichment, alert triage, and incident response playbooks. Administered identity and access security controls, including Conditional Access policies, Intune integration, and Zero Trust-aligned configurations. Executed vulnerability assessments across infrastructure and endpoints using industry-standard scanning tools, prioritizing remediation based on risk. Managed privileged access through Azure AD PIM, enforced RBAC permissions, and monitored audit and sign-in logs for suspicious activity. Provided L2-level operational support for EDR and antivirus solutions, handling escalated incidents through investigation, containment, and recovery. Delivered training sessions and knowledge transfer to junior analysts, improving team capability in alert analysis and incident handling. Investigated advanced endpoint threats using EDR/XDR platforms, applying attack surface reduction policies, host isolation, and containment techniques to minimize impact. Designed and maintained incident response playbooks and SOPs, significantly reducing MTTR during high-severity security incidents. Implemented identity security controls including RBAC, MFA, and Conditional Access policies to mitigate privilege abuse and identity-based attacks. Monitored cloud workloads and security posture through CSPM and cloud security platforms, identifying misconfigurations and exposure risks. Triaged and investigated SIEM alerts using correlation logic and KQL, identifying true positives and executing timely response actions. Developed SOAR automation workflows to streamline alert enrichment, case management, ticketing, and escalation processes. Enhanced email security posture by tuning detection policies and responding to phishing and BEC attacks through rapid investigation and remediation. Continuously refined SIEM detection rules aligned with the MITRE ATT&CK framework and emerging threat intelligence. Administered CASB, WAF, and firewall technologies to prevent data exfiltration, insider threats, and unauthorized access. Coordinated vulnerability remediation efforts with infrastructure and application teams, tracking SLAs and closure metrics.
Education
B.Tech - JNTU Hyderabad
- 2022 · Afghanistan
