S K Gokul Kumar

DevOps Engineer

Bengaluru, Karnataka, India · 7 yrs 3 mos experience
Highly Stable

Key Highlights

  • 7 years of experience in cybersecurity.
  • Expert in threat hunting and incident response.
  • Proficient in using DarkWeb tools for threat analysis.
Stackforce AI infers this person is a Cybersecurity Analyst with expertise in threat intelligence and incident response.

Skills

Core Skills

Cybersecurity Incident Response, Microsoft Security, Cyber Threat Intelligence (CTI), Security Information and Event Management (SIEM), Cybersecurity, Information Security

Other Skills

Analytical Skills, C (Programming Language), C++, CSIRT, Communication, Critical Thinking, Cyber Defense, Cyber Operations, Cyber Security Analyst, Cyber Threat Hunting (CTH), E-mail Security, Educational Leadership, Endpoint Security, Fraud Investigations, Identity and Access Management (IAM)

About

As a Cybersecurity Analyst, I’ve worked on enhancing security alert monitoring, conducting host and network analysis, and utilising DarkWeb tools to track and analyse emerging threat actors and indicators of compromise. I also conduct threat hunting using Threat Intelligence data from third-party intelligence. I have 7 years of experience in cybersecurity, having worked as an Information Security Analyst at First Abu Dhabi Bank, Microsoft, Rakuten & Securonix.

Experience

Commonwealth Bank

Cyber Defense Incident Responder

Jun 2025 - Present · 9 mos · Bengaluru, Karnataka, India · On-site

  • Cyber Defence Incident Responder
Cybersecurity Incident Response, Security Incident Response

First Abu Dhabi Bank (FAB)

Cybersecurity Analyst

Mar 2022 - Mar 2025 · 3 yrs · Abu Dhabi Emirate, United Arab Emirates · On-site

  • Experienced with using MITRE ATT&CK framework and threat modelling frameworks to investigate incidents.
  • Enhanced security alert monitoring, ensuring prompt detection and evidence preservation for compliance.
  • Conducted host and network analysis, SIEM log analysis, and malware triage in support of incident response investigation.
  • Utilised DarkWeb tools to track and analyse emerging threat actor TTPs (Tactics, Techniques, and Procedures) & indicators of compromise (IOCs) enabling proactive adjustments to security controls and incident response strategies.
  • Conducted threat hunting using Threat Intelligence data from 3rd party vendors.
  • Implemented custom Microsoft EDR queries, provided use cases to be implemented in Microsoft Sentinel & EDR tool to identify anomalous network traffic patterns, leading to the discovery and containment of stealthy advanced persistent threat (APT) actors.
Cybersecurity Incident Response, Microsoft Security, Incident Handling, Identity and Access Management (IAM), Malware Analysis, Security Awareness, +8 more

Microsoft

Information Security Analyst

Jun 2020 - Feb 2022 · 1 yr 8 mos · Hyderabad, Telangana, India · Hybrid

  • Worked as Analyst in SOC operations for real-time monitoring, analysing logs from various security by using SIEM, along with an extended role to perform Incident response actions escalated on behalf of SOC.
  • Minimising organisation's risk posture by keeping track of new vulnerabilities and providing timely patch recommendations, blocking of required Indicators of compromise from various Threat Intel sources and CERT advisories.
  • Use OSINT to validate events, IOCs, collect inventory to identify threats and relate them to the areas of the organisation. Research and discovery into emerging threat groups (APTs) and techniques.
  • Contributed to the team by preparing SOC documentation, including Incident playbooks, SOPs, and other process related documentation.
Security Information and Event Management (SIEM), Cybersecurity Incident Response, Information Security, Threat Intelligence, Cybersecurity, Microsoft Security, +30 more

Rakuten

Senior Cyber Threat Analyst

May 2019 - Jun 2020 · 1 yr 1 mo · Bengaluru Area, India · On-site

  • Working on application security, analyzing the attacks using tools IDS/IPS, Wireshark and Burp Suite.
  • Incident analysis and end to end investigation of the alerts and escalating them to concerned team if necessary as per agreed SLA.
  • Performing Incident monitoring, analysis and response on alerts with proper artifacts.
  • Regular interaction with the Application team to update regarding security issues being reported and following up with the respective team for investigation closure.
  • Performing historical based analysis to identify True Positive incidents, IPs to be whitelisted and blacklisted by connecting dots.
  • Analysing Phishing emails using Trend Micro Mail security tool.
  • Using Graylog (Security Information and Event Management) for log monitoring.
  • Analyzing CrowdStrike (EDR) alerts for suspicious activities by in-depth analysis of the user behaviour, endpoint and network behaviour.
Organizational Leadership, Leadership, Security Information and Event Management (SIEM), Cybersecurity Incident Response, Information Security, Threat Intelligence, +30 more

Securonix

Security Engineer

Dec 2018 - Apr 2019 · 4 mos · Bangalore · On-site

  • Proactive engineering of Violations, Violators and data sources of our SNYPR application. Has worked on regular implementation of policies and correlation rules and also how each policy is triggered for different data source. Debugging and resolution of any issues independently or with the help of peer members. Follow up of previously raised tickets. Handover of daily reports to shift leads.
Organizational Leadership, Leadership, Security Information and Event Management (SIEM), Cybersecurity Incident Response, Information Security, Threat Intelligence, +29 more

SOC Experts

Post Graduation Program in Information Security

Aug 2018 - Dec 2018 · 4 mos · Bangalore

  • Security Analyst, Information Security analyst, SOC Analyst, Security operations Center Analyst, SIEM, Cyber Security Analyst, SOC.
Leadership, Security Information and Event Management (SIEM), Information Security, Threat Intelligence, Cybersecurity, Critical Thinking, +16 more

Education

BELGAUM Jobs

Bachelor's degree — Computer Science

Jan 2013 - Jan 2018

Army Public School Kota

Higher Secondary School
