MAINTAINING AN ORGANIZATION'S CYBER SECURITY POSTURE BY APPLYING MY EXPERIENCE IN WEB SECURITY AND ENDPOINT SECURITY. EXPERT IN THREAT MITIGATION, INCIDENT RESPONSE, AND SECURITY SOLUTIONS.
Overview
2025
years of professional experience
4
years of post-secondary education
Work History
Security Delivery Analyst
Accenture
08.2023 - Current
Project 1
Worked as an Information Security SOC Run analyst for one of the largest investment companies based in the UK. As an analyst I needed to monitor the possible security risks that were triggered and triage them by following various methods and categorizing them accordingly.
Also worked closely with other towers such as Identity and Access Management (IDAM), the Security Tooling team, and Threat Intel teams.
Analyzed logs effectively, extracting actionable insights to fortify the organization's security posture.
Monitoring and investigating incoming events in the SIEM tool and kicking off incident management as required for offences/alerts triggered in the console.
Evaluating existing standard content such as rules and fine-tuning it to meet enterprise goals.
Maintaining the health of the console and the log sources integrated with the SIEM tool.
Maintaining watchlists according to requirements as part of the fine-tuning process.
Triaging incidents by observing the alerts triggered along with the processes that were initiated (XDR and MDE).
Using MDE for mail flows while working on phishing analysis.
Investigating suspicious mail and taking necessary actions such as blocking IPs, URLs, the sender's mail ID, etc. by coordinating with different teams.
Project 2
Worked as an Information Security SOC Run analyst for one of the largest investment companies. Held the Global Administrator role for the Office 365 and Azure tenant of one of the largest banks. Worked on DKIM, DMARC and SPF alignment for 200+ domains by implementing EFD (Email Fraud Defense).
CrowdStrike Incident Response Specialist: handled the incident response lifecycle via triage and investigation of detections, taking actions as appropriate (e.g. live response, containment, escalation).
CrowdStrike Identity Protection: user and host compromise.
Collaborated with internal teams to ensure alignment on security practices. Communicated effectively with stakeholders, including senior management, regarding security incidents and their impact.
Hands-on experience triaging and investigating all CrowdStrike alerts, executions and suspicious behaviours.
Akamai WAF: design, deploy, configure and maintain WAF solutions to protect web applications.
Consultant
Deloitte
07.2022 - 08.2023
Proactive monitoring of alerts/alarms/cases in the SIEM, analyzing them to identify threats/attacks/abnormalities within the organization and taking necessary action.
Monitoring raw logs as well as alerts triggered in SIEM tools integrated with various devices, making sure company assets are not vulnerable to attacks, identifying unauthorized usage/access and investigating security incidents.
Email security management: investigations of security incidents such as phishing, spam emails and similar incidents related to email security.
Escalating security incidents based on the client's SLA and providing meaningful information on security incidents through in-depth analysis of event payloads, with recommendations for incident mitigation, which in turn keeps the customer's business safe and secure.
Responsible for incident reports and documentation, including tracking and documenting incidents from initial detection to final resolution.
Handling multiple customers globally, analyzing customer networks for potential security attacks.
System Engineer
Incedo
10.2022 - 07.2022
Log analysis of security tools such as McAfee, Zscaler and ArcSight.
User management, license reconciliation and troubleshooting of issues related to security tools.
Performing malware analysis (static and dynamic) on anonymous files.
Monitoring and actioning SOC alerts.
Maintaining tracking of action items arising from security advisories.