
Sohail Syed

Security Analyst
Hyderabad

Summary

A highly skilled and knowledgeable security analyst with a demonstrated track record of identifying, investigating, and responding to security problems. Possessing an extensive understanding of threat intelligence, security monitoring, and risk management, the individual is able to analyse and manage risk, as well as build effective security policies to secure an organization's infrastructure and sensitive data. Skilled in the use of security tools and technologies such as SIEM, IDS/IPS, and firewalls, and has good analytical and communication abilities to interact with other team members and explain complicated security ideas to non-technical stakeholders. The individual is devoted to maintaining the organization's security posture and ensuring compliance with laws, and has a passion for staying up to date on the newest security developments and industry best practices.

Overview

4 years of professional experience
3 years of post-secondary education
4 Certifications

Work History

Security Analyst

Arrise Solutions (India) Pvt. Ltd. (Formerly Prag)
05.2023 - Current
  • Monitored security alerts and events using Azure Sentinel, Microsoft Defender XDR and Bitdefender to detect and respond to security incidents promptly.
  • Create and continuously improve standard operating procedures used by the SOC.
  • Developed actionable threat intelligence at the tactical and operational levels, sourced from SOC and Open Source Intelligence (OSINT) data.
  • Developed and maintained intelligence collection requirements, ensuring alignment with organizational goals and objectives.
  • Implemented comprehensive antivirus policies tailored to the unique requirements of different operating systems, ensuring robust protection against malware and cyber threats.
  • Escalated incidents according to SLAs, providing in-depth analysis and mitigation recommendations.
  • Evaluated security systems, providing recommendations for improvements aligned with organizational goals.
  • Provided 24x7 technical support, contributing to incident response and the development of the cybersecurity strategy.
  • Checking for any miscellaneous activity and apps used by users via the MDCA (Microsoft Defender for Cloud Apps) dashboard.
  • Worked on JIRA for ticketing purposes for all triggered offenses.
  • Maintaining the SOC performance reports covering the number of alerts, incidents by severity, SLA adherence, number of escalations, etc.
  • Creating runbooks for all alerts.
  • Following up with users on the legitimacy of activity.
  • Collaborated with cross-functional teams to investigate and resolve security incidents.
  • Performing static analysis on various PE and non-PE files.
  • Followed up with the incident response team and concerned teams for remediation and closure of escalated incidents.
  • Analysed phishing alerts and took the necessary steps to prevent them from re-entering the environment.
  • Ensuring proper documentation of security incidents, including attack details.
  • Responding to incoming reports of security incidents from the organization via calls and emails.

IT Security Analyst

Dell Technologies Via Anlage Infotech (India) P Ltd
09.2021 - 05.2023

Dell MDR (Managed Detection and Response) - Jan 2022

  • Continuously monitor the dashboard panels of Secureworks XDR and Microsoft Defender XDR for security alerts, and analyse event logs ingested from a variety of technologies across multiple platforms.
  • Detect and investigate potential threats, triage alerts, and appropriately escalate incidents to L2/L3 analysts for additional assistance.
  • Proactively manage incidents to minimize customer impact and meet SLAs.
  • Utilize the ServiceNow tool for incident management and ticket tracking.
  • Interact with customers to address their security issues through omni-channel communication.
  • Prepare briefings and reports on the results of investigations into repeated low and medium alerts, using analysis methodologies.
  • Organize and conduct training sessions for new hires on SOC processes, procedures, workflows and the technologies used, such as Secureworks Taegis XDR/VDR, ServiceNow (SNOW), BT Cloud, Teams and CyberChef.
  • Take an active role in the creation of document repositories.
  • Used MITRE ATT&CK, an open framework and knowledge base of adversary tactics and techniques based on real-world observations, which provides a structured method of analysis.
  • Hands-on experience with new Microsoft security products aimed at further enhancing the world-class experience for Microsoft 365 Defender customers, including Microsoft Defender for Endpoint, Microsoft Defender for Cloud Apps, Microsoft Defender for Identity, and Office 365 Security & Compliance (Insider Risk Management, Data Loss Prevention).
  • Used open source reputation channels such as VirusTotal, AbuseIPDB, Any.Run, Hybrid Analysis, Cisco Talos, AlienVault OTX, Recorded Future and Shodan, collecting key findings for incident reports.
  • Referenced the Cyber Kill Chain to determine whether a malicious actor was able to perform all tactics and techniques.
  • Out-of-hours "on call" work to ensure 24/7 service delivery.

Security Analyst

Prompt InfoTech
11.2019 - 09.2021
  • Investigate malicious phishing emails, domains and IPs using open source tools and recommend appropriate blocking based on analysis.
  • Analyze phishing and spam related activities and notify users.
  • Assist in identifying root causes of incidents using Carbon Black.
  • Create cases for suspicious issues and escalate them to POCs on the client-end team for further investigation.
  • Search firewall, email, web and DNS logs to identify and mitigate intrusion attempts.
  • Use vulnerability assessment tools such as Nessus, Nmap, Nexpose and Netsparker to perform security testing.
  • Raise incidents with the concerned teams, respond to incidents and service requests, and gather additional information to either resolve or escalate issues to the appropriate teams.

Education

Bachelor of Science - CS

Krishna University
Vijayawada
06.2015 - 04.2018

Skills

Solid understanding of common network services and protocols

Certification

Microsoft Certified Security Operations Analyst (SC-200), 04.2022

Secureworks XDR Certified Security Analyst, 11.2021

Certified Ethical Hacker (CEH) (Practical), 08.2020

Certified Ethical Hacker (CEH), 03.2019

Timeline

Security Analyst

Arrise Solutions (India) Pvt. Ltd. (Formerly Prag)
05.2023 - Current

Microsoft Certified Security Operations Analyst (SC-200)

04.2022

Secureworks XDR Certified Security Analyst

11.2021

IT Security Analyst

Dell Technologies Via Anlage Infotech (India) P Ltd
09.2021 - 05.2023

Certified Ethical Hacker (CEH) (Practical)

08.2020

Security Analyst

Prompt InfoTech
11.2019 - 09.2021

Certified Ethical Hacker (CEH)

03.2019

Bachelor of Science - CS

Krishna University
06.2015 - 04.2018