Information Security Analyst
Tesco
Total years of experience: 1 year, 5 months
Period: 09-Jan-2023 to date
Designation: Information Security Analyst
Roles and responsibilities:
⮚ Security Event Monitoring and Analysis: Spearheaded the monitoring and analysis of security events and alerts using SIEM, EDR, and a suite of cutting-edge security tools.
⮚ Incident Identification: Pioneered the identification of security incidents through meticulous log data analysis within the SIEM framework.
⮚ Collaborative False Positive Mitigation: Collaborated closely with SIEM/SOAR teams to actively eradicate false positives while innovatively defining new use cases.
⮚ Efficient Workflow Design: Engineered streamlined processes and workflows to effectively triage security alerts and orchestrate rapid incident response.
⮚ Incident Response Leadership: Actively led incident response efforts, taking charge of containment, eradication, and recovery strategies.
⮚ Threat Intel: Conducted ongoing research on new threat attack vectors to ensure detection and response capabilities aligned with the evolving threat landscape.
⮚ Network Device Log Analysis: Proficiently dissected logs from a spectrum of network devices, including Proofpoint, MDE, and TippingPoint.
⮚ In-Depth Log Analysis: Conducted meticulous log analysis spanning operating systems and various mission-critical applications.
⮚ Proactive Threat Mitigation: Pioneered proactive tracking and blocking of malicious domains, URLs, and IPs to fortify security posture.
⮚ Malware and IOC Proficiency: Demonstrated expertise in malware analysis and IOC discovery through comprehensive analysis of malware samples and network data.
Tools used:
⮚ MDE, Proofpoint, Splunk, Cortex XSOAR, Cortex XDR