Oct 2024 – May 2025 · 7 mos · Gurugram, Haryana, India · On-site

Sep 2022 – Oct 2024 · 2 yrs 1 mo · Gurugram, Haryana, India · On-site

• Led daily threat hunting initiatives, identifying and mitigating advanced persistent threats (APTs) and zero-day attacks. Detected old ransomware files and followed incident management SOP as per the information security and cyber security policy.
• Performed regular vulnerability scans, analyzed results, and coordinated remediation efforts, reducing risk exposure by 42%.
• Configured, maintained, and optimized SIEM platform for real-time security monitoring and incident response. Performed finetuning on all the security tools and reduced the false positive by 52% and ensure that trues positive are not affected and maintained confidentiality, integrity and availability of confidential information.
• Optimized and managed EDR and ETP solutions, enhancing endpoint visibility and threat detection. Integrated different modules like logon tracker, process tracker and enhanced the monitoring on True positives by 22%.
• Developed and implemented data loss prevention (DLP) and cloud access security broker (CASB) policies to protect sensitive information across the organization after successful testing. Reduced the false positives by 62% by finetuning policies on the basis of identifying and whitelisting top sources, top destination and policy keywords.
• Implemented privileged access management (PAM) strategies to control and monitor administrative access. Identified and onboarded 138 critical servers and 42 users. After successfully managing the operation through PAM, blocked RDP connection of every server.
• Conducted and coordinated VAPT Activity
• Taking backups of SOC Critical applications & servers and maintaining all the evidence for the yearly audit.
• Performed Governance, Risk and Compliance on Security Operations Resilience.
• Coordinating digital forensics and incident response with external vendor if required.
• Managing and Maintaining IAM of all the security tools.

Jan 2021 – Sep 2022 · 1 yr 8 mos · Noida, Uttar Pradesh, India

• Sifting through SIEM (System Information and Event Management), DLP and CASB Alerts which are escalated by L1 analysts. Distinguishing critical events from false positives or auto prevented events. Monthly 5-6 incidents were reported and shared with CISO.
• Conducting thorough investigation, gathering additional logs and threat intelligence to understand and confirm the threat. After that escalation / report creation is done along with evidence of alert triaging.
• Taking required actions like containment / isolation of the information asset, remediate any harm and prevent further damage.
• Continuous threat detection and analysis was performed by carefully monitoring the security tools and logs for suspicious activity, anomalies and potentials indicators of compromise (IOCs). Analyze the collected data and proactively perform threat hunting to search for hidden threats within the network to identify vulnerabilities and potential threats.
• Protect the attack surface from different attack vectors by continuously monitoring and learning about new threats, vulnerabilities and security threats to stay ahead of evolving cyber threats.
• Collaborating with other SOC Members, IT Teams and external stakeholders to share information, coordinate efforts and resolve the security incidents to protect the organization from any kind of cyber-attack.
• Continuously finetuning the rules to reduce false positives and improve detection accuracy.
• SOC Analyst at Net Connect Global Pvt Ltd (Working in IBM on contractual basis)
• Alert Monitoring and raising the threats with relevant stakeholders to eliminate and secure the infrastructure.
• Daily report generation containing the threats eliminated and Data loss prevented by the SOC Team.
• Monitoring the Cloud security tool for any compromised credentials, Malware present, data shared outside the organization, User behavior analytics, unusual login, security assessment of virtual machine.