
Abdulla Shaik

@abdullashaik

Security Practitioner

Hyderabad, TS

TCS • Nova College of Engineering and Technology

Highly organized computer technology professional with exceptional attention to detail and critical thinking skills. Security professional with 4+ years of working experience in a security operations center (SOC), interested in SOC, threat hunting, incident response, and malware analysis positions.

Experience

SOC Analyst

TCS

May 2022 - Dec 2024 • Hyderabad, TS

Experienced Security Operations Center analyst with a demonstrated history of triaging security incidents, incident response, log analysis, and hypothesis-driven investigation. Experience using the SIEM tools QRadar and Splunk to analyze logs from network devices, authentication devices, endpoints, email gateways, antivirus, and other cloud-hosted devices.

Experience investigating potential endpoint compromise with the EDR tools Carbon Black Response and CrowdStrike Falcon, and proactively hunting suspicious events based on MITRE-defined TTPs, including in-depth analysis by writing queries in CrowdStrike Falcon. Hunting for adversaries, identifying threat actors' TTPs, and mapping them to the MITRE ATT&CK framework.

Experience handling targeted and large-scale phishing campaigns from threat actors by finding and blocking IOCs as a proactive measure. Experienced in investigating emails reported by end users and responding with appropriate recommendations using Cofense Triage and the Cortex XDR/Demisto SOAR platform.

Skills in malware analysis, reverse engineering, and threat hunting, using open-source intelligence to find IOCs and TTPs in a malware sample. Curating threat intelligence by following several threat actors, gathering information from publicly available and social media platforms, and proactively mitigating upcoming threats. Experience successfully handling and mitigating targeted attacks from several threat actors, especially TrickBot, Graceful Spider, BokBot, AgentTesla, Emotet, and ransomware campaigns.

Identifying repetitive false-positive alerts and suggesting fine-tuning to reduce FPs. Experience with the ServiceNow ticketing tool.

SOC Analyst

Atos

Mar 2021 - May 2022 • Pune, MH

Responsible for performing Nessus scans on systems to check for OS vulnerabilities and for hardening servers: scanning servers for CIS benchmark compliance using the Qualys tool and applying the necessary hardening changes. Performing daily health checks to keep servers running as expected. Managing Splunk and LogLogic servers that collect logs from middleware, servers, and network devices.

Responsible for creating and managing incidents, tasks, and CMRs in the ServiceNow ticketing tool while maintaining proper SLAs. Responsible for stopping, starting, and validating services as part of maintenance activities such as Linux patching, Windows patching, and other emergency patching. Responsible for preparing daily, weekly, and monthly reports and providing 24x7 production support in rotational shifts.

Education

Nova College of Engineering and Technology

B.Tech

ECE

Jan 2016 - Jan 2020 • Grade: A grade

Govt. Junior College, BTG

XII

MPC / BIEAP

Jan 2015 - Jan 2016 • Grade: 82.8%

Tribal Welfare Ashram High School, NR palem

X

SSC AP

Jan 2013 - Jan 2014 • Grade: 90%

Licenses & Certifications

CyberOps Associate

CISCO

No expiration

Certified in CyberSecurity (CC)

(ISC)2

No expiration

Network Defense Essentials

EC-Council

No expiration

Skills

SIEM Platforms
SOAR Platforms
IBM QRadar
Splunk
Demisto-Cortex XSOAR
Splunk Phantom
Falcon CrowdStrike
Carbon Black Response
Threat Stream Anomali
Joe SandBox
Cape SandBox
Cofense Triage
NMAP
Wireshark
MITRE ATT&CK
OSINT
PowerShell
Python
Bash
C++
Java
AWS
Azure
GCP
Incident Response
Threat Hunting
Log Analysis
Malware Analysis
Vulnerability Assessment
Security Hardening