About
Security Analyst with 3 years of progressive experience in cybersecurity. Skilled in evaluating business systems to identify risks and compliance challenges, with a strong ability to develop sustainable security solutions that enhance protection and resilience.
Work Experience
Security Analyst
SAP Labs India Pvt Ltd
Dec 2022 - Present
Highly hands-on experience in Azure Security, including creating playbooks, runbooks, and automation rules, as well as implementing data connectors and onboarding agents. Experience in managing Defender firewall policies, device exceptions, and other security rules via the Defender and Intune portals, including file blocking, virus definition reporting, and endpoint reporting. Good knowledge of creating playbooks using the predefined Logic Apps, implementing data connectors, and creating Log Analytics workspaces using Azure Sentinel. Experienced in creating group policies and assigning roles using the Intune console. Experience in creating playbooks, runbooks, and automation rules in Azure Sentinel that use conditions to auto-close incidents. Experienced in initiating vulnerability scans on production and non-production servers to fetch the automated reports on the applications impacted by and the devices exposed to a vulnerability. Performed folder exclusion policies, other device-based policies, and tagging in Defender for Endpoint. Experience with log analysis and incident management using Splunk Enterprise Security. Experience in creating Log Analytics workspaces, conditional access policies, and detection rules using Defender 365 and Azure Sentinel. Monitoring, analyzing, and responding to infrastructure threats, vulnerabilities, and risks. Collecting the logs of all Windows, Linux, and network devices and analyzing them to find suspicious activity. Experienced in creating and fine-tuning compliance policies and ASR rules using the Intune portal. Strong knowledge and working experience in Office 365 email gateway solutions; fully owning, managing, monitoring, and administering the email security stack and policies for both on-premises and cloud environments, which include Office 365 email security solutions. Update and closure of SOC security incidents/tickets within the Service Level Agreement.
Preparation of reports such as the SIEM Health Checklist, Daily Cyber Watch report, and Process Document. Preparation of SOPs (Standard Operating Procedures) for the SIEM alerts raised, reports, and all new tasks in the SOC environment. Analysis of phishing emails reported by users to identify the type of attack and take immediate remediation. Experience with system security concepts, tools, implementation, DLP, CASB, and integration with various data sources and application stacks. Experienced in examining suspicious emails for malicious content and providing recommendations on remediation actions using Office 365. Performed root cause analysis for the incidents reported at the security operations center. Good hands-on experience with creating use cases and custom detection rules in SPL and KQL. Configure and manage dashboards, notebooks, data connectors, and playbooks in Azure Sentinel. Hunt security threats using Azure Sentinel. Good knowledge of analyzing different malicious executables and documents. Good understanding of Azure Active Directory, Azure MFA, and conditional access. Experience in onboarding and off-boarding Windows Server 2016 R2 and 2019 by installing the MMA/unified agent and troubleshooting server-level issues. Proficient in security tools and technologies such as SIEM, EDR, IDS/IPS, firewalls, and vulnerability scanners. Experienced in whitelisting and blacklisting web applications using MCAS. Experienced in analyzing the Azure audit logs and sign-in logs of users, checking the interactive and non-interactive sign-ins of Azure account-related domains. Experience in analyzing phishing and malicious email campaigns to identify IOCs, contain those IOCs, and implement an email fraud defense to secure the environment from hackers and fraudsters. Perform health checks for the AV infrastructure and distribute reports regularly. Responding to in-house queries and guiding users with threat remediation strategies and security best practices.
Experience in creating Log Analytics workspaces and policies in Azure Sentinel, with good hands-on experience in creating automation rules to auto-close incidents. Experience in adding and deploying a client onboarding configuration file so that Configuration Manager can monitor deployment status and Microsoft Defender ATP agent health. Implementation of use cases using KQL with complex correlation across different data sources in Azure Sentinel. Experience with the Rapid7 Vulnerability Management tool to perform vulnerability scanning and reporting. Experience in creating runbooks, SOPs, and documents supporting Security Operations. Experience in writing correlation rules and monitoring the Enterprise Security application. Prepare endpoint compliance reports and initiate remediation activities wherever required. Experience in configuring the ServiceNow ticketing tool with Defender and Splunk to automatically create a ticket in ServiceNow, add work notes, and maintain records. Experienced in creating runbooks and playbooks using Logic Apps in Azure Sentinel. Good knowledge of the MITRE ATT&CK framework, the Diamond Model, and other cyber threat kill chains. In-depth understanding of the latest techniques used by attackers for persistence, privilege escalation, defense evasion, and lateral movement. Investigating suspicious mail and taking necessary actions, such as blocking IPs, URLs, sources, and the sender's mail ID, by coordinating with different teams. Experience in handling and creating AWS workspaces, deploying ISO files, and onboarding them into Defender 365.
Education
B.Sc. Computers - Vidyanidhi Degree College
2021 · Afghanistan