Aug 2023 – Jun 2024 · 10 mos

• · Provided L1 and L2 technical support for broadband and enterprise internet services.
• · Diagnosed and resolved network connectivity issues, DNS errors, and VoIP-related problems.
• · Escalated complex incidents to L3 network engineers and coordinated with field technicians for on-site resolution.
• · Educated customers on security best practices to prevent unauthorized access, phishing, and malware infections.
• · Maintained accurate incident reports, logs, and technical documentation to support audits and future reference.
• · Assisted with firmware upgrades, patch management, and vulnerability assessments for networking devices.
• · Fine-tuned Data Loss Prevention (DLP) policies in Zscaler, reducing false positives and mitigating web-based attacks and fraud attempts.
• · Improved incident response efficiency by 40% through proactive monitoring and remediation of alerts from endpoints, cloud environments, email systems, and network devices (IDS/IPS) using Cortex XDR.
• · Utilized Splunk SIEM to monitor, analyze, and correlate security events, create alerts, and generate reports for threat detection and incident investigation.
• · Enhanced threat hunting by correlating Indicators of Compromise (IOCs) from phishing campaigns with MITRE ATT&CK tactics and techniques.
• · Analyzed reported suspicious emails using Cortex XSOAR, identifying phishing, spam, and advanced threats.
• · Supported IT risk management activities, including IT audits, ITGC reviews, and SOX compliance assessments.

Jul 2021 – Jun 2023 · 1 yr 11 mos

• · Monitored security alerts and events in SIEM solutions such as Splunk and QRadar, performing initial analysis to identify potential threats.
• · Conducted first-level triage of incidents, gathering relevant data and escalating to L2/L3 analysts as needed.
• · Investigated phishing reports by analyzing email headers, URLs, and attachments to detect malicious activity.
• · Reviewed endpoint alerts from EDR tools such as Cortex XDR, Forcepoint, Sophos, and Trellix to verify potential compromises.
• · Performed basic threat hunting by searching for known IOCs in logs, firewall data, and DNS queries.
• · Documented all incidents, investigations, and findings in the ticketing system for audit and knowledge sharing.
• · Applied security playbooks in SOAR platforms such as Microsoft Sentinel and Cortex XSOAR to automate repetitive response tasks.
• · Verified and validated alerts to reduce false positives, tuning detection rules in coordination with senior analysts.
• · Followed standard operating procedures (SOPs) for incident handling in accordance with NIST and CIS Controls.
• · Provided real-time updates to L2/L3 teams during active security incidents, ensuring smooth escalation and response.
• · Participated in regular SOC shift handovers, communicating ongoing investigations and pending tasks to incoming analysts.

Jan 2019 – Jun 2021 · 2 yrs 5 mos

• · Conducted incident response activities, including threat containment, eradication, and recovery, while documenting findings and implementing corrective measures.