Cybersecurity Analysts and Incident Response Based in Mumbai, India.

Phishing & Email Security Operations

• Investigated reported phishing emails through sender ID & Domain validation, content analysis, artifact inspection (URLs, attachments, QR codes, unwanted file download automatically), and email header analysis.

• Identified spoofing, social engineering tactics, and malicious infrastructure through Sandbox analysis.

• Executed containment actions including sender/domain blocking, URL blocking, mailbox remediation, and escalation to Microsoft for review.

• Applied user protection measures such as forced password resets & sign-out from everywhere and MFA validation.

• Additional, Cloned or impersonating website mimicking the organization's website & domain is detected follow the above same investigative and mitigation workflows.

User Remediation & Incident Containment

• Provided remediation guidance to impacted users, including full scans, browser cleanup, MFA review, extension validation, Inspected pop-up setting and password hygiene.

• Reduced risk of persistence and repeat compromise through structured user recovery steps.

Post-Incident Identity & Mailbox Auditing

• Reviewed Azure AD sign-in logs and audit logs to identify suspicious IP activity and abnormal authentication behavior.

• Investigated mailbox and account changes including inbox rules, folder permissions, and user/application management actions.

• Monitored SharePoint, OneDrive, and Microsoft Teams for unauthorized access or data manipulation.

• Detected suspicious outbound email activity, including bulk or anomalous message sending.

Cloud Infrastructure Alerts

• AWS: Analyzed GuardDuty and CloudTrail logs to validate security events and determine the nature of triggered alerts and validate user authorization.

• Azure AD: Investigated sign-in anomalies, device code abuse, MFA alerts, and audit log irregularities.

• Microsoft Defender for Cloud: Reviewed & investigate alerts related to:

  • Role assignment changes.
  • VM, server and database creation/deletion.
  • Network & virtual security rules creation.
  • Network and firewall rule creation/deletion.
  • Load balancer, storage account creation.
  • SQL Injection attempts and other defender for cloud alerts ...

Network Security (Meraki)

• Monitored inbound and outbound traffic from corporate devices.

• Blocked unauthorized devices and investigated traffic anomalies indicating potential compromise or data exfiltration.

Threat Detection Analysis (Taegis)

• Conducted end-to-end alert analysis using both normalized and raw log data.

• Used advanced queries to correlate events and support deeper threat investigations.

• Investigated and analyzed threats using process trees & timelines to identify root causes.
• Took appropriate action on corporate endpoints or provided clear, step-by-step guidance to users to identify, contain, and remediate malware present on affected machines.

Endpoint Security & Device Management (Intune)

• Validated device ownership and enrollment status.

• Assessed endpoint security posture including malware status, BitLocker encryption, Secure Boot, and code integrity.

• Took corrective actions on lost, stolen, or compromised devices.

Takedown & Fraud Response

• Coordinated takedown efforts for phishing emails & domains, fraudulent websites, social media impersonation, and recruitment fraud.

• Collaborated with Digital Security, Social Media, and HR teams for timely incident resolution.

Credential Theft Response

• Responded to credential exposure incidents by notifying users and application, enforcing password resets, and providing account-security guidance.

• Supported users in securing corporate accounts and monitoring for misuse.

Thread Hunt

• Understand the Report like (SHA value, File Name, Malicious Browser extension, Link, IOCs, IP address, Domains & Application), Validate Each Finding, Investigation Context, Containment & Response and Report & Improve

Skills: Cybersecurity, Vulnerabilities, Threat intelligence, Incidence response

• Monitored security alerts across endpoints, cloud, network, and email systems using tools like CrowdStrike, Microsoft Defender, Cybereason, and Trellix.
• Investigated and analyzed threats using process trees, timelines, threat graphs, and attack stories to identify root causes.
• Performed threat hunting and collaborated with SOC teams to improve detection capabilities and reduce false positives.
• Configured and managed EDR/XDR policies, firewall rules, and allow/deny lists to strengthen endpoint and network security.
• Blocked malicious indicators (IPs & URLs), contained compromised accounts, and implemented DLP controls to prevent data leakage and unauthorized access.
• Conducted in-depth security investigations using advanced querying tools like KQL for efficient correlation of multiple alerts.
• Managed whitelisting/blacklisting of applications and implemented firewall policies to enhance endpoint and network security.

Skills: Cybersecurity, SOC Operations, Threat Hunting, Incident Analysis

• Created and maintained test documentation, including test plans and test cases for SAM Pro modules.

• Identified, reported, and tracked defects and issues while collaborating with development teams to resolve them.

• Tested Service Catalog forms, workflows, and multiple products to ensure smooth functionality and performance.

• Worked with core ServiceNow components such as Applications, Modules, Service Catalog items, Update Sets, Custom Tables, and Import Sets.

• Developed and configured platform features including UI Policies, Data Policies, UI Actions, ACLs, Workflows, Business Rules, Script Includes, Client Scripts, and Notifications.

• SERVICENOW ADMIN CUM DEVELOPER

1. Having Good Knowledge and Understanding on creating of Application, Model, Service Catalog, Update set, Custom Tables, Import set, UI Policies, Data Policies & UI Action.
2. Knowledge and understanding on ACL, Workflow, Business Rule, Script Include, Client Script & Notification.

Skills: ServiceNow SAM Pro, Testing, Workflows, Scripting

Hardware & Software Asset Management

• Used Barscan and HPAM tools to manage assets & accessories across 85+ countries (APAC, USA, Europe).

• User, Catalog, and Asset Administration: Created, maintained, and decommissioned user IDs, asset records, accessories, locations, and hardware models in both asset management tools to ensure accurate and up-to-date inventory.

• Device Lifecycle Management: Updated device status throughout the asset lifecycle, including allocation, in-use, repair, and retirement, using both manual updates and bulk processing as required by operational demand.

• Asset and Accessory Migration: Performed controlled migration of assets and accessories between tools, validating data integrity and ensuring continuity of asset history and ownership.
• Data Export and Backup Management: Generated daily manual exports and backup files to support auditing, reporting, and recovery requirements.
• Operational Reporting and Logs: Produced manual export logs for assets, catalogs, locations, and users to support tracking, reconciliation, and compliance reviews.
• Warranty and Retirement Management (HPAM): Executed bulk updates for warranty start and end dates and scheduled asset retirement dates within HPAM to maintain accurate lifecycle and support planning.
• Asset Purchasing Operations:  Managed asset purchasing activities in both tools, ensuring proper recording from procurement through inventory onboarding.

• Troubleshot issues raised by OSS or FSM across tools.

• I also now collaborate with Demand Management, Catalog Management, Stock Management Team.

ITSM Modules Worked On:

• Incident Management

• Problem Management

• Change Management

• SLA Management

• Knowledge Management

Achievements:

• Awarded Best Team Award (Oct 2022).

• Created 5 automation scripts to increase project productivity.

Skills: Asset Management, HPAM, Barscan, ITSM, Automation, Team Leadership

• Managed and supported Citrix Workspace access for users.

• Provided permissions and access to applications and servers through the Citrix environment.

• Troubleshot issues related to Citrix Workspace, user access, and VDI performance.

• Assisted in the migration of dedicated VDIs to cloud infrastructure.

Skills: Citrix Workspace, Troubleshooting, VDI Management, Teamwork