Keerthana Anbazhagan

Key Qualifications and Responsibilities

• Incident Detection and Analysis: Investigated alerts related to endpoint security, such as malware infections, unauthorized access attempts, and system anomalies. Utilized EDR(CrowdStrike) & NDR(Darktrace) tools to analyze and remediate threats.
• Root Cause Analysis: Perform root cause analysis to determine how endpoints were compromised and implement measures to prevent recurrence.
• Phishing Incident Response: Lead investigations into phishing incidents, including identifying compromised accounts, analyzing attack vectors, and implementing effective remediation strategies.
• Analyzed UBA data from Exabeam to detect and respond to abnormal user behaviors, such as excessive file access or unusual login patterns.
• Worked on XSOAR automation enrichment and Finetuning Correlation rules in Splunk for false positive alerts.
• Documented incident responses and contributed to the creation of knowledge base runbooks.

Key Qualifications and Responsibilities

• Experienced in analyzing the offenses triggered in SIEM Tool (Qradar)and identifying the true and false positive offenses in it
• Experienced in analyzing cloud-based alerts in Microsoft Defender for Cloud Apps (MDCA) & Prisma, malware analysis in Cisco AMP for Endpoints, Microsoft Defender and documented the evidence in ServiceNow
• Performing dynamic malware analysis using Sandbox - Fire Eye AX, Anomali and OSINT tools
• Finetuning rules in SIEM to avoid False positive offenses
• Common Corporate SOC Mailbox monitoring, Phishing mail analysis
• Handling IOCs and Adhoc requests
• Maintained SLA in all the offenses handled
• Worked on monthly project reports
• Provided Knowledge transfer sessions to new team members.