Cyber Security Analyst
Current- Monitored and protected network infrastructure using SIEM, EDR, and email security tools which ensured organizational security posture.- Efficiently detected, investigated, and remediated threats within a live SOC environment utilizing Splunk Enterprise Security, Crowdstrike Falcon, Proofpoint, IBM QRadar, and SentinelOne. - Improved endpoint security of SOC infrastructure by intelligently responding to, and documenting, security incidents such as brute force attacks, excessive user login failures, phishing attempts, unauthorized vulnerability scans, suspicious user behavior etc.- Created comprehensive records of investigative findings using Jira ticketing system and escalated high-priority cases to SOC manager for further review.- Successfully performed triage analysis in alignment with industry-recognized incident response plans such as the NIST and SANS frameworks.- Referenced the Cyber Kill Chain, Mitre ATT&CK, and Diamond Model of Intrusion Analysis frameworks to further guide investigations by developing a deep understanding of a threat actor’s process of exploiting vulnerabilities within a network.- Utilized a wide range of OSINT tools including, but not limited to, VirusTotal, IBM X-Force Exchange, AbuseIPBD, JoeSandbox, MX Toolbox, and URLscan.io to enrich threat intelligence, and further legitimize reports.- Provided root cause analysis and also recommendations for possible remediation steps to be taken by lead analyst or SOC manager.