Skilled in incident management and threat analysis, with a focus on problem-solving and process improvement. Proven ability to investigate alerts and analyze evidence to enhance security posture.
Monitored security incidents and event management systems in a 24/7 environment.
Investigated alerts from MS Sentinel to determine causes and respond to threats.
Conducted investigations on EDR detections to identify threats and initiate containment actions.
Collaborated with stakeholders to escalate issues from email security platform alerts.
Analyzed evidence and recommended process enhancements for improved security posture.
Processed containment and remediation actions, ensuring resolution within SLA guidelines.
Developed threat models using the STRIDE methodology to guide security monitoring.
Created SIEM detections based on those threat models.
Onboarded log sources into SIEM tools to improve data visibility.
SIEM tool proficiency
QRadar and Splunk expertise
Endpoint and network security
SOAR implementation (Cortex)
Root cause analysis
Malware and phishing analysis
Incident response management
Intrusion detection systems
SOC operations management
MITRE framework