Soc Analyst Associate
Current• Provided platform training, demos, and SIEM engineer support to clients, troubleshooting LogRhythm and optimizing its SOAR implementation.• Developed YARA rules, use cases, and dashboards within multiple SIEM platforms, including Logpoint, LogRhythm, FortiSIEM, and an in-house SIEM.• Integrated SIEMs with APIs, customized tools, and led threat emulation exercises as part of purple team engagements.• Developed incident response playbooks and created and tuned alerts to ensure accurate detection and effective response to security events, addressing specific threat scenarios.• Implemented Sysmon for Linux to provide extensive MITRE ATT&CK coverage and improve threat detection capabilities.• Executed incident response on actual security incidents in client environment, ensuring effective resolution and mitigation of threats,• Integrated threat intelligence with SIEMs to significantly improve detection capabilities and overall security posture.• Managed log source enrollments and provided logging recommendations to enhance security visibility.• Added SIEM data sources to Grafana to enhance monitoring capabilities and visualize security metrics more effectively.• Simulated recent threats in lab environments, performed threat hunting, and explored attack-defense scenarios in a custom lab.• Monitored security incidents and handled client requirements during shifts, while staying updated on the latest cyber threats and news to anticipate and defend against emerging risks.