About
Security Analyst with around 3 years of hands-on experience in Information Security at Capgemini, specializing in security monitoring, incident detection, and response. Strong expertise in working with Sentinel SIEM for log analysis, alert triage, dashboard creation, and threat investigation. Proven experience in EDR and endpoint security administration, including monitoring endpoint activity, investigating suspicious behavior, and responding to security incidents. Skilled in phishing email analysis: identifying malicious indicators, performing header and URL analysis, and recommending remediation actions.
Work Experience
Security Analyst
Capgemini
Sep 2024 - Present
Managed security operations, specializing in EDR and SIEM tools. Experience in host isolation and advanced threat analysis using the Microsoft Defender ATP EDR. Experience in creating Log Analytics workspaces, Conditional Access policies, and detection rules using Defender 365 and Azure Sentinel. Good hands-on experience in delivering KT sessions and training, and in assigning tasks to juniors.

Handling spam and phishing email submissions from end users, taking containment steps by further investigating the domains and IPs involved to recommend appropriate blocking, and creating SPF, DKIM, and DMARC records for domains to protect against spoofing. Strong experience in managing endpoint agents on Windows and Linux operating systems, Active Directory integrations, and Windows Event Logs. Strong knowledge and working experience in Office 365 email gateway solutions; fully owning, managing, monitoring, and administering the email security stack and policies for both on-premises and cloud environments, including Office 365 email security solutions.

Taking appropriate action based on advisories and IOCs, identifying threat actors using MITRE ATT&CK, and coordinating with the respective teams to block IOCs. Analyzed and investigated phishing, malware, spam, and BEC (Business Email Compromise) threats detected by Proofpoint. Experience in AIR (Automated Investigations and Remediation) policies and their implementation. Extensive experience in conducting in-depth investigations by collecting investigation packages and performing live response in the Defender portal.

Good hands-on experience in creating SOPs, playbooks, and runbooks using Sentinel and Defender, as well as creating and managing endpoint health check reports and vulnerability reports to reduce the exposure score. Proficient in Kusto Query Language (KQL); very good at writing and optimizing queries to analyze large datasets in Azure Sentinel and Microsoft Defender.

Escalating security incidents based on client SLAs and providing meaningful insights into security incidents by conducting in-depth event analysis to ensure business security. Good hands-on experience in the integration of AWS and Azure security, implementing policies, and fine-tuning rules.
Security Analyst
ITC Private Limited
Aug 2023 - Aug 2024
Worked on security operations, particularly with Microsoft Defender ATP and SIEM systems. Experience in writing correlation rules and monitoring Enterprise Security applications. In-depth knowledge of endpoint protection (AV, HIPS, and DLP). Good hands-on experience in managing P1 bridge calls, involving stakeholders, and creating incident response reports for critical incidents.

Experience in handling and deploying Defender agents onto servers for onboarding into Defender, and in troubleshooting agent connectivity issues using the MDE Client Analyzer. Strong experience in managing endpoint agents across Windows and Linux operating systems, including Active Directory integrations and Windows Event Logs. Prepared endpoint compliance reports and initiated remediation activities where required. Managed user quarantine, allow/block lists, and phishing simulations. Experienced in creating automation rules for closing incidents and alerts to reduce false positives.

Provided regular monitoring, triage, and incident response for automated security alerts using the SIEM tool Azure Sentinel. Good understanding of Azure Active Directory, Azure MFA, and Conditional Access. Experience in monitoring, responding to, and analyzing trends in workstations, servers, and security-related events involving EDR, antivirus, and email security solutions. Performed daily, weekly, and monthly scheduled tasks for Microsoft Defender ATP. Integrated Proofpoint logs with the SIEM (Microsoft Sentinel) for centralized monitoring and alert correlation.

Experienced in handling true positive incidents, performing timely remediation, preparing IR reports, and analyzing advanced system-based threats using Defender for Endpoint. Managed Splunk SIEM, created new alerts for security use cases, and integrated log sources into the SIEM solution.
Education
Master of Computer Applications (MCA) - Dr Lankapalli Bullayya PG College
2020 - 2022 · India
Availability Details
Visa Status: Citizen
Relocation: Open to Relocation