Cyber Security Analyst
Current▪ Provide cyber support in a 24x7 Cyber Security Operation Center (SOC), including detection, response, and support roles▪ Handled notable events generated by Splunk ES, such as authentication failures, connection to known malware sites, traffic from untrusted networks, and firewall denies.▪ Monitor and analyze SIEM alerts through Splunk using Splunk Search Processing Language (SPL) to identify security anomalies for investigation and remediation and provided recommendations to the technical teams via Jira ticketing system▪ Monitor and analyze company devices with Endpoint Detection and Response (EDR) solution, Crowdstrike Falcon, and differentiate false positives from intrusion attempts and triaged the necessary cases to higher levels▪ Conduct analysis to determine the legitimacy of files, domains, and emails using online resources such as VirusTotal, Hybrid Analysis, MX Toolbox, and other OSINT tools.▪ Assisted in phishing investigations, demonstrating proficiency with Proofpoint TAP to detect and analyze ▪ email security threats.▪ Analyze PCAP files, narrowed down anomaly traffic with Wireshark, examined the details of the infected hosts, and create IOC on executive summary reports▪ Review existing policies and guidance to ensure compliance with the National Institute of Standards and Technology (NIST) Risk and SANS Frameworks