Indraja U
SOC ANALYST
E-MAIL : *******.***********@*****.***
MOBILE +91-778*******
Dedicated Information Security Analyst with 3+ years of experience, targeting a challenging role in a Security Operations Center (SOC) environment to leverage expertise in threat analysis and security monitoring, in functional areas such as cyber security, network security, and incident management across various industries.
PROFILE SUMMARY
Accumulated 3+ years of extensive experience in Information Security, focusing on Threat Analysis and Security Monitoring within SOC environments across diverse industries.
Proficient in key skills and competencies such as Threat Analysis, Security Monitoring, SIEM Tools (Splunk Enterprise), Phishing Analysis, Log Analysis, and Network Security.
Possess strong leadership qualities, displayed through training and onboarding new team members, providing guidance and support throughout the process.
Expert at leveraging a diverse skill set, including expertise in SIEM tools, phishing analysis, log analysis, and network security, to effectively detect, analyze, and mitigate security threats in SOC environments.
CORE COMPETENCIES
Information Security
Security Operations Center (SOC)
Threat Analysis & Detection
Security Monitoring
Incident Management
SIEM Tools
Phishing Analysis
Security Solutions
Log Analysis & Correlation
SOFT SKILLS
Problem-solving
Collaborator
Communicator
Analytical
Planner
Detail-Oriented
TECHNICAL SKILLS
SOC (Security Operations Center)
Phishing Analysis
WAF: Barracuda
Firewall: Palo Alto
SIEM: Splunk, MS Sentinel
EDR: Microsoft Defender, SentinelOne
Online Security Tools: MX Toolbox, VirusTotal, Cisco Talos
Log Analysis
Network Security
EDUCATION
Completed B.Tech from Gouthami Institute of Technology and Management for Women in 2021.
WORK EXPERIENCE
Responsibilities:
Actively monitor security events using Splunk Enterprise and Microsoft Sentinel, analyzing logs and investigating incidents to identify and mitigate security threats, ensuring the organization's security posture remains strong.
Proficient in using Microsoft Sentinel for continuous monitoring and real-time incident response to security threats and anomalies.
Collaborate with cross-functional teams, including network and system administrators, to ensure the timely resolution of security incidents and the implementation of security controls, fostering a secure environment.
Actively monitored EDR alerts for suspicious activities, including file modifications, unauthorized access, and malware behavior.
Familiar with emerging security threats, malware, and their attack vectors.
Work closely with third-party vendors and managed security service providers (MSSPs) to ensure effective implementation of security solutions, maintaining a robust security infrastructure.
Participated in PCI DSS audits to ensure compliance with security standards, displaying a strong understanding of regulatory requirements and best practices.
Investigated and triaged incidents flagged by EDR tools (SentinelOne, Microsoft Defender) to identify false positives and prioritize response actions.
Performed security event analysis and intrusion detection by reviewing and analyzing events generated by various components, including firewalls, routers, and other types of security devices.
Monitored security events in a 24x7 Security Operations Center, detecting and preventing intrusion attempts, safeguarding client networks and data.
Coordinated with On-call and Threat Intelligence teams for analysis of threat-related issues.
Analyzed logs of various network devices (IDS/IPS, firewall) and operating systems (Windows) using SIEM tools, identifying potential security threats and vulnerabilities.
Collaborated with cross-functional teams to ensure the security of client networks and respond to infrastructure threats and vulnerabilities, maintaining a secure environment.
Conducted real-time monitoring, investigation, analysis, reporting, and escalation of security events from multiple log sources, contributing to the overall security posture of the organization.
Troubleshot SIEM dashboard issues and provided recommendations for managing security incidents, displaying strong problem-solving skills and technical expertise.
Work closely with the rest of the security team to ensure that our systems and networks are secure and compliant with industry standards.
Worked closely with Tier 2 analysts and incident response teams to escalate and remediate complex threats.
Assisted in analyzing endpoint events to determine the scope and impact of security incidents.
Contacted customers directly in case of high-priority incidents and helped them mitigate the attacks.
Provided a daily report on false-positive and true-positive trends.
Handled P1 and P2 incidents under the direction of leads and specialists; followed P3 and P4 incidents through to closure.
Utilized Microsoft Sentinel to monitor security events, triage alerts, and investigate potential security incidents, ensuring rapid identification and response to security threats.
Helped create reports, dashboards, and rules for fine-tuning.
Created tickets for necessary tasks that need to be executed by external teams. Ensured tasks were communicated via email to the respective team(s), documented and tracked activities within tickets according to ticketing procedures, and annotated shift logs according to shift report procedures. Conducted systems and tools health checks.
Actively processed and categorized security alerts generated by Microsoft Sentinel, identifying critical incidents and escalating them to senior analysts as needed.
Prepared RCA documents and daily/weekly/monthly reports.
Maintain the security of our network and systems by implementing security controls and best practices.
Understanding of possible attack activities such as network probing/scanning, DDoS, malicious code activity, exfiltration, credential access, etc.
Communicate effectively with team members and other stakeholders to ensure that security issues are addressed in a timely and effective manner.
Handled multiple customers globally, analyzing customer networks for potential security attacks.
Carried out log monitoring and incident analysis for various devices such as firewalls, IDS, IPS, email security, EDR, AD, and WAF.
Hands-on experience with industry-leading EDR tools such as SentinelOne and Microsoft Defender for Endpoint.
Ensured EDR coverage and compliance across all organizational endpoints.
Conducted in-depth EDR analysis to identify malicious activities and contain threats promptly.
Leveraged Microsoft Sentinel’s KQL (Kusto Query Language) to analyze raw log data and correlate events across various security tools, improving threat detection accuracy.
Support security incident response processes in the event of a security breach by providing incident reporting.
Good understanding of cyber attacks such as DoS, DDoS, MITM, SQL Injection, and XSS.
Detect, document, respond to and escalate events and incidents in accordance with MSS Incident Handling policies and procedures.
Utilized Microsoft Defender and SentinelOne for EDR to detect and respond to advanced threats on endpoints.
Performed endpoint isolation and containment using EDR tools to prevent lateral movement during active threats.
Analyzed EDR logs to identify Indicators of Compromise (IOCs) and generated detailed incident reports.
Prepared daily, monthly, and yearly reports and sent them to the business.
Conduct initial triage, declare events/incidents, create incident cases, gather evidence, track, and update incident status, and identify additional action items.
Hands-on experience using various penetration testing tools such as Burp Suite, Nmap, Nessus, Tenable, QualysGuard, and Codenomicon for assessing security vulnerabilities in networks and applications; performed both automated and manual testing to identify security gaps and recommend remediation strategies.
Also used Wireshark and Scapy for packet analysis, both manual and automated.
Used Burp Suite to test a web application for security vulnerabilities and identified a SQL injection flaw by intercepting requests and modifying parameters; using SQLmap, I confirmed that data extraction was possible. I documented the issue, provided recommendations, and helped the team implement mitigations, strengthening the application's security.
Worked in Tata Consultancy Services (TCS) as a SOC Analyst from July 2021 to April 2022.
Worked in Nokia Solutions and Networks as a SOC Analyst from May 2022 till date.
DECLARATION
I hereby declare that the information furnished above is true to the best of my knowledge.
Date:
Place: (Indraja. U)