Security Analyst (L1-C) at Cloud4C Services (2024-11 – Present)
- Managing assigned security tickets within the CDC team and providing approvals on Plan of Action (POA) tickets.
- Acting as shift lead for a team of 15 Analysts per shift, overseeing workload distribution, ensuring quality of analysis, mentoring junior analysts, handling 30–40 escalated incidents per shift, and participating in regular client calls to review incident status, priorities, and operational performance.
- Performing first-level investigation, correlation, and escalation for high and critical security incidents.
- Facilitating direct communication with customers for all confirmed true-positive alerts to ensure timely remediation and visibility.
- Delivering recommendations for alert fine-tuning, automation opportunities, and continuous improvements to Microsoft Defender configurations and detection rules.
- Coordinating with cross-functional IT teams, system owners, and infrastructure stakeholders to validate security events, support remediation actions, and ensure enterprise-wide visibility of critical threats.
- Conducting security log source onboarding to SIEM platforms including configuration, parsing validation, log quality review, and end-to-end data flow testing.
- Performing periodic threat hunting activities using IOC research, MITRE ATT&CK mapping, and behavioral analytics to identify suspicious patterns within enterprise environments.
- Managing incident escalation procedures by assessing criticality, assigning severity levels, tracking response progress, and ensuring timely communication to leadership and impacted business units.
- Executing continuous improvement initiatives across SOC workflow by identifying functional gaps, proposing automation opportunities, and refining standard operating procedures.
- Reviewing detection content against emerging attack vectors and updating rulesets, parsing logic, and event classifications to maintain alignment with evolving threat actors and techniques.
- Conducting routine health checks on security tools, SIEM connectors, endpoint agents, and security appliances to ensure proper functionality and uninterrupted data ingestion.
Security Engineer at To The Moon Tech (Parent Company: Dehaze Labs) (2023-07 – 2024-10)
- Managed and resolved assigned security tickets for the CIRT team by following current playbooks.
- Revised and updated playbooks to reflect new processes, threat patterns, and policy changes.
- During designated email support shifts, conducted investigations and responded to customer communications, including tickets owned by other CIRT members.
- Escalated confirmed or suspected fraud cases to the Security Incidents team and Forensics department for advanced investigation.
- Performed continuous follow-ups with Security Incidents and Forensics teams to provide required evidence, updates, and contextual information.
- During ESC and on-call rotations, performed continuous monitoring, triage, and response for elevated ESC tickets.
- Managed Data Loss Prevention incidents using T-Mobile's Citrix toolsets and Retail Dealer Hub.
- Developed and tuned detection rules using YARA, including leveraging rules sourced from GitHub.
- Authored and optimized Splunk rules and tuning configurations based on SOC requirements and incident feedback.
Information Security Analyst at Evolutyz IT Service (2022-07 – 2023-05)
- Monitored and analyzed security events in real time using Splunk and other SIEM platforms, generating alerts and escalating incidents as required.
- Developed and optimized Splunk dashboards, filters, queries, and reports to improve threat visibility and proactive detection.
- Performed real-time log analysis from IDS/IPS, firewalls, endpoint tools, and other security technologies to identify potential threats and external attacks.
- Conducted continuous monitoring of security alerts, phishing activity, and malicious domains, applying techniques such as watermarking and referrer analysis.
- Performed website anti-malware and defacement monitoring with real-time alerting based on anomalous behavior.
- Investigated endpoint threats using EDR tools by analyzing file behavior, executed applications, and network activity, including sandbox correlation and malicious file removal.
- Analyzed email security events including phishing and spam, and implemented blocking of URLs, IPs, senders, and domains via proxy, firewall, and email gateway controls.
- Conducted vulnerability scanning using Nexpose and delivered remediation reports to stakeholders.
- Executed incident response procedures for security violations, vulnerabilities, and system alerts in accordance with established playbooks.
- Performed threat hunting and contributed to automated detection enhancements to identify suspicious enterprise activity.
- Researched emerging threats and recommended improvements to strengthen security controls and posture.
- Led data exfiltration and DLP alerts based on Forcepoint DLP policies.
- Supported DDoS mitigation activities and analyzed related events and alert patterns.
- Utilized security consoles for investigation, correlation, and remediation to support real-time incident response.
- Prepared daily, weekly, and monthly security reports including internet security status, denied logs, failed logons, alert summaries, endpoint posture, and configuration changes.