
Sr. Soc Analyst Resume


TX

SUMMARY

  • Cyber security analyst with 7 years of IT experience, 4 of them in a SOC, performing various security operations tasks.
  • Good understanding of common network services and protocols.
  • Good knowledge of cyberattacks and attack vectors.
  • Good knowledge of deployment, configuration, and maintenance to support enterprise EDR solutions.
  • Worked on security solutions like Antivirus, Firewall, IPS, Email Gateway, Proxy, IAM, Threat Intelligence.
  • A broad understanding of technologies and concepts such as firewalls, proxies, SIEM, IDS/IPS, endpoint protection, IAM, and cloud.
  • Expertise in developing new SOC and IR playbooks for alert enrichment, triage, and threat hunting.
  • Strong hands-on experience in tools like Splunk for Security Information and Event Management (SIEM).
  • Good experience working and communicating with cross-functional IT infrastructure teams (network, system, database, application, security) to build and manage effective security operations.
  • Deploying and maintaining Data Loss Prevention (DLP) and endpoint security controls.
  • Good working knowledge of Malware Analysis, Threat Hunting, and Dark Web Monitoring.
  • Good working knowledge of frameworks and compliance standards like MITRE ATT&CK.
  • Developing use cases, threat detection logic and rules, and alerting in Microsoft Defender (EDR/XDR) platform for response by other Incident Detection & Response analysts.
  • Integrate log/data sources from a cybersecurity standpoint into SIEM (Splunk, IBM QRadar) and Cortex XSOAR environments.
  • Good working knowledge and understanding of the Cyber Kill Chain.
  • Good knowledge of Python, Linux shell scripting, and regular expressions.
  • OWASP Top 10.

TECHNICAL SKILLS:

  • Splunk
  • Azure Sentinel and IBM QRadar for Monitoring
  • Cortex XSOAR for task automation
  • Log Analysis
  • Wireshark
  • MX Toolbox
  • Tenable Nessus
  • Any.Run
  • Zscaler
  • ServiceNow
  • XDR and EDR Microsoft Defender for endpoint
  • KnowBe4 and Barracuda for phishing email analysis
  • Code42 for Data Loss Prevention analysis.
  • VirusTotal
  • IPVoid
  • URL Void
  • MITRE ATT&CK Framework
  • SQL Server
  • Power BI
  • Jira and Gitlab/Github for team and task tracking
  • NIST Standards
  • Cloud Technologies: Azure, AWS
  • ARM Template (Infrastructure as Code)
  • Terraform (Infrastructure as Code)
  • DevOps

PROFESSIONAL EXPERIENCE

Confidential, TX

Sr. SOC Analyst

Responsibilities:

  • Apply threat hunting processes with different threat hunting tools and techniques to detect and raise incidents for malicious activities and proactively uncover security incidents.
  • Alert monitoring and Incident response using Splunk and QRadar SIEM solutions.
  • Deep dive analysis of triggered alerts using SIEM, XSOAR and other analysis tools
  • Build Playbooks and Automation scripts on Palo Alto Cortex XSOAR and other SOAR tools.
  • Assist in creating documentation and implement XSOAR playbooks using Intelligence Driven Defense, and Defense in Depth methodologies.
  • Monitor and analyze SIEM alerts through Splunk Enterprise and IBM QRadar and identify security anomalies for investigation and remediation
  • Acknowledging and closing false positives and raising tickets for validated incidents
  • Work with other IRT/SME in incident remediation by providing supporting data and recommendations
  • Report findings to the appropriate parties and work with affected end-users as recommended
  • Build weekly and monthly reports as per SOC Manager and CISO requirements
  • Develop content for SIEM by writing custom parsers, correlation rules, dashboards, reports and alerts.
  • Maintain up-to-date documentation of designs/configurations.
  • Handling escalated alerts from other L1 Security Analysts
  • Onboard log sources in alignment with the MITRE ATT&CK Framework
  • Analyze threats from Firewalls, Endpoints, Servers, IDS/IPS etc. and identify a false positive and a true positive.
  • Analyze suspicious email reports from email gateway quarantine queues and perform remediation.
  • Perform detailed analysis on the threats that are triggered and suspected to be true positives.
  • Interact with Security Owners/Stakeholders, L2 & L3 Level infrastructure teams for remediation of security alerts like analyzing suspicious emails.
  • Worked on Linux servers: searching, manipulating, and moving files to other remote servers.
  • Use threat hunting techniques on Linux to search for processes that put client servers at risk.
  • Generation & formatting of reports for Nessus Vulnerability scans performed.
  • Weekly walk-through of the latest attack trends, IOCs, and TTPs for the team.
  • Prioritize threat research and threat hunts based on active campaigns and intelligence.
  • Assist in preparation of Security Operations Handbook (SOP).

Confidential, TX

Information Security (SOC) Analyst

Responsibilities:

  • Monitoring and analyzing SIEM alerts by following runbooks and using various tools.
  • Generating and assigning tickets for validated incidents.
  • Assist in conducting security assessments of systems and applications to identify vulnerabilities and recommend solutions for remediation where possible.
  • Performed incident response activities such as forensics analysis, malware analysis, and log review
  • Track threat actors and associated tactics, techniques, and procedures (TTPs).
  • Maintaining and improving Playbooks and processes
  • Drafting shift hand-overs
  • Monitoring and troubleshooting Silent Log Sources
  • Research, compile and organize monthly vulnerability reports
  • Assist SOC lead in reporting
  • Involved in creating phishing awareness campaign.
  • Collaborate with cross SOC functions to design solutions to help accelerate threat detection, responses and remediation of security incidents in the organization
  • Applying analytical understanding of attacker methodologies and tactics, system vulnerabilities, and key indicators of attacks and exploits.
  • Providing on-call support for incident response efforts outside of core hours, as required.
  • Build weekly and monthly reports as per SOC Manager and CISO requirements
  • Actively involved in threat hunting activities from building hypothesis to finding evidence and enhancing security controls and detection logic
  • Perform root cause analysis of incidents/breaches.

Confidential, TX

Azure Data Engineer/Azure Developer

Responsibilities:

  • Implementing data integration solutions using Azure Data Factory and Synapse Analytics.
  • Creating and adding users to user groups and projects using Azure Active Directory (AAD).
  • Managing user permissions to maintain limited access to resources.
  • Assist and support cloud infrastructure deployments, including but not limited to cloud resources.
  • Support the team in creating and deploying Azure resources like VMs and storage accounts, including but not limited to containers.
  • Deploying Azure Synapse Workspace and Azure Data Factory resources.
  • Used Python and PySpark to manipulate and clean data.
  • Worked on Linux servers to manipulate, review, and move files to other remote servers.
  • Implementing a load balancer on the Azure platform with VMs.
  • Coordinate customer demos as well as internal demos to enable learning and cross-
