MUKTIPRIYA DHANEE
Incident response analyst
574-***-**** ************@*****.*** https://www.linkedin.com/in/mukti-priya-dhanee-278237b0 Coyote Creek Drive, Okemos, Michigan, USA
EXPERIENCE
Incident response analyst
State of Michigan
11/2022 State of Michigan, Okemos, Michigan
My role here as an incident response analyst was quite challenging. It was in a new country with advanced tools and technologies. We processed around 70-100 tool alerts a day and 50+ abuse alerts. Hands-on experience with GootLoader, FakeUpdates, ICEBALL, AsyncRAT, and many more.
Our day-to-day jobs are to perform high-level investigations on incidents, find the root cause of the infection, and cut it off at the source. Work on lab detonation of malware to generate more rules. Fine-tune false positive alerts to avoid working on benign alerts. Work on playbooks and automation to reduce analysis time on the alerts. Writing queries and looking for suspicious tools installed in users' devices, such as sleep/caffeine tools and malware PDF converters.
I worked briefly with the forensics team to provide support.
Information security analyst
British Telecom
08/2019 - 03/2021 Gurgaon
I was a part of the shared SOC - CYSOC.
The project supported the entire BT employee base and 50 commercial clients. We monitored and triaged alerts on various tools like QRadar, Splunk, CrowdStrike, McAfee Nitro, etc.
We ran SOC operations 24*7
Day-to-day operations include processing SIEM alerts, EPO alerts, phishing emails, and unauthorized software alerts
Running internal audit drives and making sure the external audits go smoothly. Monitoring, correlation, and analysis of security events to determine intrusion and malicious events.
Ability to compile detailed cyber investigation and analysis reports for internal SOC consumption and delivery to management
Providing L1 and L2 investigation of security events with recommendations to the customers
Collected security event data and conducted log analysis from EDR and SIEM. Every spam mail was collected in Resilient; performed phishing checks in a sandboxed environment.
Used QRadar, a SIEM tool, to acknowledge and work on malware and malicious alerts triggered
Performed PCI compliance for bank customers
Security Analyst
Downer Group
11/2017 - 08/2019 Noida, India
Learned working with Splunk
Created SPL queries for alerts, dashboards, and reports. Created use cases for the ESS App.
Performed event investigations and determined the cause of security incidents. Monitored dashboards and logs for potential threats. Performed Splunk health checks.
Theoretical knowledge of installing and configuring forwarders. Integration of various devices with the Splunk App.
Reviewed security exemptions and renewal of security exemption documentation. Standard operating procedure documents for SPAM.
Change handling and incident management
Root cause analysis report of problem incidents
Major incident reports of Priority 1 and 2 incidents. Published security advisories.
BAU tasks: IT security approvals for access to other mailboxes. Allowlist and blocklist of URLs and other environment-specific approvals.
SUMMARY
8+ years of experience in cybersecurity. Proficient in making a deep-level analysis of security incidents, identifying root causes, and remediating them. Skilled in utilizing industry-leading tools and technologies to detect, contain, and eradicate malicious applications, IPs, or domains. Demonstrated ability to collaborate cross-functionally with SecOps and Forensics to ensure swift resolution of incidents. Commitment to seek continuous improvement and stay updated on emerging cyber threats and best practices.
KEY ACHIEVEMENTS
Efficient Alert Processing
Reduced alert processing time by 30% through automation of analysis workflows.
Automation
Create automation playbooks to reduce analyst time in investigations.
Declared incidents
Ensured actionable items are implemented to avoid BECs and malware being run.
High Alert Throughput
Processed 70-100 tool alerts daily, achieving 95% accuracy in threat detection.
LANGUAGES
English
Proficient
SKILLS
Azure Cisco EDR Encryption
Forensics Internal Audit Log Analysis
PCI QRadar Qualys SIEM Splunk
Swift McAfee EPO Trellix Defender
CrowdStrike Reverse Engineering
Threat Hunting McAfee XSOAR
INTERESTS
Threat Hunting
EXPERIENCE
Security operations analyst
A.P. Moller Maersk
10/2015 - 11/2017 Gurgaon, India
Managing McAfee ePO infrastructure for over 21k nodes. Perform day-to-day administration tasks, upgrades, and troubleshooting related to ePO.
AV and Endpoint Encryption
Automation using Queries and Reports, Client Task Creation, and Working with Policy catalog
Creating and managing Distributed Repositories
Troubleshooting product issues using McAfee MER, the EETech tool, and log analysis. Ensuring that IT SLAs are met and customers are provided with exceptional customer service.
Successfully migrated from ePO 4.5.4 to 4.6.3 with VSE 8.7.
EDUCATION
Computer Science engineering
Sikkim Manipal Institute of Technology, Sikkim
08/2011 - 08/2015 Sikkim
Information in systems and security
University of the Cumberlands
05/2021 - 09/2023 Kentucky
Post Graduate Program in Artificial Intelligence and Machine Learning: Business Applications
University of Texas (Great Learning)
10/2024 Online