SOC analyst with 6 years of experience in monitoring and responding to cyber threats across a variety of industries. Proven ability to effectively manage and triage incidents; seeking a position in a fast-paced and challenging environment.
· Monitored security alerts from SIEM tools (Splunk, QRadar) and EDR platforms (CrowdStrike) to detect and respond to potential threats.
· Investigated phishing and malware incidents flagged by Proofpoint and coordinated containment actions.
· Performed vulnerability assessments using Tenable and tracked remediation progress.
· Responded to endpoint threats and lateral movement indicators using Microsoft Defender and CrowdStrike.
· Escalated high-priority incidents, documented findings, and followed up through ServiceNow.
· Reviewed and enforced privileged access management policies via CyberArk.
· Applied DLP policies and monitored database activities using Imperva.
· Participated in SOC shift rotations ensuring 24/7 threat monitoring coverage.
· Conducted root cause analysis and generated post-incident reports with actionable mitigation plans.
· Monitoring Operations: 24x7 SOC monitoring (Azure Sentinel) and responding to alerts according to established policies.
· Monitoring for suspicious emails with Proofpoint, analyzing emails, educating users, and working on remediation.
· Security incident handling and response.
· Validating IOCs and uploading them for security monitoring.
· SME support roles: performing console clean-up and proactively monitoring the environment to prevent downtime.
· Training and supporting new team members and guiding them in active and proactive monitoring.
· Analyzing emails from all angles and responding to the user accordingly.
· Developing and maintaining documentation for security systems and procedures (SOC SOP, playbook, process handling document, offense handling document, etc.).
· Daily, weekly, and monthly report creation with in-depth analysis, providing reasoning, suggestions, and recommendations in client meetings.
· Handling phishing/spam alerts reported by users and triggered by the Cofense tool, and acting on their impact and mitigation.
· Performing website reviews and taking down domains that impersonate the company's site and deliver malicious content.
· Alert monitoring and incident response using Splunk SIEM. Analyzing threats by taking events from next-generation firewalls, endpoints, servers, etc., and distinguishing false positives from true positives.
· Analyze logs from Cortex XDR, CrowdStrike, Palo Alto Firewall, Proofpoint, Proxy, Sysmon and Threat Intel log sources and internal configured alerts using Splunk.
· Performing dynamic malware analysis on malicious files received through phishing emails using sandbox tools.
· Interacting with security owners/stakeholders and L3-level infrastructure teams for remediation of security alerts.
· Attending weekly technical calls and knowledge-sharing sessions, suggesting and implementing whitelisting of unwanted alerts, and walking the team through the latest attack trends, IOCs, and TTPs.
· Allowlisting events deemed false positives after our analysis.
· Engage with vendor support to troubleshoot issues with the SIEM platform.
· Preparation of Security Operations Handbook.
· Monitoring Security alerts generated by SIEM.
· Analyzing SIEM alerts by following runbooks and using various tools.
· Generating tickets for validating incidents.
· Assist in identifying root causes of incidents and follow-up with SMEs for incident closure.
· Assisting the team lead in generating the weekly report; documenting alerts.
· Drafting the shift handover.