Md Arman Khan

New Delhi

Summary

Experienced SOC Security Analyst (L1) with over 3.8 years of expertise in MSSP, hybrid SOC (banking sector), and internal SOC environments. Skilled in incident triage, security alert monitoring, false positive reduction, and SLA adherence. Proficient in various SIEM, XDR, and endpoint security solutions, with hands-on experience handling multi-client environments and security operations.

Overview

  • 4 years of professional experience
  • 4 certifications
  • 3 languages

Work History

Cyber Security Analyst

Sattrix Information Security Ltd.
06.2024 - Current
  • Threat Detection & Analysis: Leveraged expertise in SIEM (ArcSight, QRadar) and XDR solutions (Trend Micro XDR, Secureworks XDR, Microsoft Defender for Endpoint, ESET) to enhance threat detection and reduce security breaches through proactive monitoring.
  • Incident Response: Conducted thorough incident triage, investigation and remediation, reducing response time and minimising business impact for multiple clients.
  • Bridge Call Participation: Actively participated in bridge calls for critical incident remediation, collaborating with cross-functional teams to contain and resolve high-severity incidents.
  • Root Cause Analysis (RCA): Performed in-depth RCA for critical incidents, identifying patterns and implementing preventive measures to reduce recurring threats.
  • Proactive Threat Hunting: Conducted proactive threat hunting using threat intelligence tools such as CloudSEK Vigil, identifying and mitigating previously undetected threats.
  • Log Analysis & Fine-Tuning: Performed log analysis and alert fine-tuning, reducing false positives by 40% and improving detection accuracy across monitored environments.
  • Client Coordination & Custom Requirements: Fulfilled client-specific security requirements, including fine-tuning alerts, generating tailored reports, and attending client meetings to ensure security expectations were met.
  • Dashboard & Report Management: Created custom dashboards and generated weekly/monthly security reports aligned with client and compliance requirements.
  • Training & Mentorship: Provided guidance and mentorship to junior analysts, improving SOC team efficiency and fostering a continuous learning environment.
  • SLA & KPI Management: Ensured adherence to SLAs and KPIs for incident response, reporting, and resolution times, maintaining high operational efficiency.
  • Rule Fine-Tuning: Refined and optimised detection, prevention, and response rules to improve accuracy, reduce false positives/negatives, and adapt to evolving threats.
  • False Positive Reduction: Adjusted thresholds and conditions to prevent legitimate activity from being flagged as malicious.
  • Conducted phishing simulation exercises to assess employee awareness and response to simulated phishing attacks.
  • Analysed results to identify vulnerabilities and areas for improvement.
  • Developed targeted training programmes to enhance employee education and vigilance.
  • Monitored and troubleshot ArcSight ESM and SmartConnectors by analysing logs (agent.log, wrapper.log) to ensure smooth data collection.
  • Verified end-to-end event flow by validating log ingestion in Active Channels and identifying issues in parsing, filtering, and source connectivity.
  • Performed system health checks, including disk utilisation, EPS monitoring, and performance tuning, to prevent event loss and ensure SIEM availability.

SOC Associate

Enphase Solar Energy
03.2022 - 03.2024
  • Monitor Security Events: Oversee security events of critical systems (e.g., email servers, database servers, web servers, Active Directory) and changes to sensitive security controls to ensure proper system administration actions.
  • Investigate and Report Irregularities: Investigate and report on irregularities in security events with the help of IBM QRadar.
  • SIEM and Device Health Reporting: Manage and report on SIEM and security device health status regularly to relevant stakeholders.
  • SOC Level 1 Investigation: Perform SOC Level 1 investigation on escalated threats, events, and incidents.
  • ManageEngine Ticket Creation: Create new ManageEngine tickets for alerts that signal potential incidents and escalate them to Tier 2 / Incident Response for review.
  • Alert Analysis: Analyze the latest alerts to determine relevancy and urgency.
  • Case Creation and Notifications: Create cases in ManageEngine and prepare notifications for technical teams to act on incidents.
  • Phishing/Malicious Email Handling: Work on phishing or malicious emails reported by users via the security mailbox.
  • Offense Monitoring: Monitor offenses and perform initial analysis to determine whether they are true positives or false positives.
  • Incident Follow-ups: Perform follow-ups as per the escalation matrix to ensure incidents are closed with appropriate corrective actions in place, maintaining SLA compliance.
  • Track Enquiries and Responses: Document and track the status of enquiries, coordinate responses, and follow up to ensure customer satisfaction.
  • Incident Status Updates: Keep track of the number of incidents open across all teams and provide updates from the previous shift.
  • Trend Analysis: Conduct daily and monthly trend analysis on security.

Education

B.Tech - Civil Engineering

AKTU
01-2023

Diploma - Civil Engineering

Jamia University
01-2019

Higher Secondary School Certificate - HSSC

Bhimrao Ambedkar College
01-2016

Skills

Threat Detection and Analysis

Incident Response

Security Monitoring

Team Collaboration

Client Communication

Security Monitoring and Analysis

Security Incident Handling and Escalation

Custom Report Creation

SIEM Tools: ArcSight, QRadar

EDR Tools: Microsoft Defender for Endpoint, CrowdStrike, Trend Micro Apex Central

Operating Systems: Linux, Windows, macOS

Ticketing Systems: ServiceNow, JIRA, SMAX

Cloud Platform: Azure Certification

Certification

CERTIFIED ETHICAL HACKER (CEH)

Declaration

I hereby declare that the above-mentioned information is true and correct to the best of my knowledge and belief.

Md Arman Khan
