PAVITHRA

Security Operations Center Analyst (L1 & L2)

Eze Castle Integration

05.2022 - Current

Performed continuous real-time monitoring of security events and incidents using SIEM tools (Splunk, ELK, and Exabeam), identifying and responding to security threats, vulnerabilities, and suspicious activities
Utilized EDR solutions (CrowdStrike, Carbon Black, SentinelOne, Microsoft Defender) to detect, investigate, and respond to endpoint threats
Developed and fine-tuned custom detection rules in SIEM and EDR tools to improve threat detection accuracy and reduce false positives
Collaborated with cross-functional teams to mitigate security threats
Monitored user behavior alerts within Azure Active Directory to identify potential security risks, such as unusual sign-ins, anomalous activities, and unauthorized access attempts
Conducted thorough investigations into flagged alerts, analyzing user activities and access patterns to determine the legitimacy of actions and assess potential threats
Utilized email gateway solutions (Proofpoint, Mimecast, and Microsoft Defender) to analyze inbound and outbound email traffic, identifying and blocking malicious emails such as phishing, spam, and malware
Leveraged sandboxing technologies (Falcon, Triage) to securely execute and examine suspicious email attachments and URLs
Implemented custom email filtering rules and policies in Proofpoint to enhance threat detection and prevention capabilities, reducing false positives and improving overall email security
Customized policies to block phishing, malware, and spam based on organizational needs, industry best practices, and emerging threat intelligence
Monitored and analyzed TAP threat intelligence, identifying and mitigating targeted attacks through real-time threat insights and URL Defense technology
Leveraged TRAP to automatically quarantine malicious emails post-delivery, reducing manual intervention and speeding up response times to email-based threats
Enforced DLP policies to prevent unauthorized access, transmission, or storage of confidential information, significantly reducing the risk of data breaches
Created customized policies for individual website access based on user roles and business needs
Reviewed website and content categorization and contacted vendor support (Talos, Cisco) for resolution in case of incorrect categorization
Managed SOAR platform (Swimlane) and automated incident response workflows, integrating various security tools (SIEM, EDR, threat intelligence) to streamline detection, investigation, and remediation of security threats
Responsible for training new SOC analysts, assisting with intricate cybersecurity investigations as part of threat response activities, and facilitating the escalation of cybersecurity incidents
Created, maintained, and updated SOP documentation for SOC Threat Response Playbooks, managed metrics reporting, and ensured accurate analysis for the cyber defense team
Conducted threat hunting activities across available security devices after validating the IOCs
Managed the ITSM tool (ServiceNow) to ensure smooth operation and timely resolution of incidents and requests
Monitored and tracked service tickets, ensuring compliance with SLAs and efficient incident management and escalation.
Seeking to leverage my expertise and knowledge to contribute to a dynamic SOC team in a challenging and growth-oriented environment
Collaborated with cross-functional teams to identify opportunities for process improvement and increased efficiency.
Collaborating with security vendors and possessing case management skills.

Summary

Overview

Work History

Security Operations Center Analyst (L1 & L2)

Education

Bachelor of Engineering -

Skills

Certification

Awards

Skills

Timeline

Security Operations Center Analyst (L1 & L2)

Bachelor of Engineering -

Similar Profiles

Jalmes SacpopoJalmes Sacpopo

ROBERT BOLANDROBERT BOLAND

Sajjad NasirSajjad Nasir

Vaibhav SalviVaibhav Salvi

Sijith VJSijith VJ