About
Overall 3+ years of experience as a SOC Analyst. Experience working in a Security Operations Center (SOC). Hands-on experience with Azure Sentinel and Splunk. Good knowledge of OSI layers, the incident life cycle, incident response, email security concepts, security devices, CIA, the cyber kill chain, ports, and protocols. Experience with malware attacks and phishing attacks using EDR. Use of vulnerability assessment tools such as Nessus to perform security testing. Checking the daily health status of logs. Performing incident analysis and analyzing crucial alerts on an immediate basis. Brief knowledge of various network security devices (firewall, proxy, IPS, antivirus, DNS, DHCP). Carried out day-to-day duties accurately and efficiently. Preparing daily, weekly, and monthly reports as per client requirements. Escalate issues as per the escalation matrix to operation heads or senior authorities for faster and better resolution. Recommend improvements in security systems and procedures. Strong knowledge of security monitoring and operations. Providing 24x7 L1 on-call support and coordinating with the required teams to resolve high-severity issues.
Work Experience
Information Security Analyst
IntelliSense Software Pvt ltd
02-2021 - Present
Act as first-level support for all security issues. Monitor SIEM alerts, analyze events in the SIEM, and raise security incidents in the ticketing tool (ServiceNow). Investigating security violations, attempts to gain unauthorized access, virus infections, etc. Coordinate responses to security incidents in a timely manner. Work with various teams across the organization to improve security posture. Worked on the O365 Cloud App and Azure Active Directory. Exposure to documentation and reporting. Escalating security incidents based on the SLA and providing meaningful information related to security incidents through in-depth analysis of event payloads, providing recommendations regarding security incident mitigation, which in turn keeps the customer's business safe and secure. As part of the Incident Handler team, we investigated High and Medium priority alerts triggered by the Azure Sentinel SIEM. Working experience with phishing email analysis, social engineering attacks, and remediation using Microsoft O365 email protection. Worked with the MS Defender for Endpoint tool to investigate endpoint device alerts. Adding indicators and file hashes in the Defender portal in order to block the execution of malicious threats. Checking threat intel reports and adding the IOCs to the respective security solutions. Provide incident response support for all actionable incidents. Proactive in triaging viruses, malware, and other security events on endpoints. Performed investigation of networks and hosts/endpoints for malicious activity by collecting the triage of the machines, including analysis of packet captures. Preparing ad hoc reports as per client requirements. Responsible for 24x7 SOC operations. Helped in providing documentation and performing root cause analysis for incidents. Knowledge of writing KQL queries. Gathered evidence from the SIEM tool as per requirements. Created a watchlist of executive users, service accounts, and critical hosts for elevated monitoring.
Current Company
Insight IT