DIVYA BOHRA

Monitor real-time security events on the SIEM console (Log Rhythm) and conduct event analysis.  Investigate suspicious emails and coordinate with the privacy team for incident closure  Hands-on experience in incident response activities like malware analysis.  Working in a 24*7 Security Operations center.  Monitor and respond to alerts stemming from the Data Loss Prevention tool (Force point DLP), exercising precise and swift actions.  Conduct detailed analysis of phishing emails to identify patterns and trends for proactive threat mitigation.  Analyze logs triggered in tools like Crowd Strike, EPO, and Ad Audit, and take action.  Efficiently manage incident/request lifecycles via the Service Now ticketing tool.  Creating daily health checklist reportsfor SIEM.  Facilitate effective shift handovers, providing seamless continuity of situational awareness for incoming security teams

An integral part of a collaborative shared services SOC team for US-based clients.  Monitor real-time security events on SIEM consoles (Sentinel, Qradar).  Analyze phishing emails to determine their malicious intent and recommend appropriate actions to mitigate risks.  Utilize Microsoft Defender to detect and neutralize advanced malware.  Develop incident response playbooks and fine-tune rules for eliminating false positives.  Monitor and report on SOAR workflow effectiveness, providing insights for enhancement.  Implement and manage SOAR (Security Orchestration, Automation, and Response) workflows to streamline incident response processes.  Conduct Knowledge Transfer sessions for team skill development on SOAR utilization.  Manage incident resolution through OPs Ramp and Service Now ticketing systems, optimizing workflows through SOAR integration.  Updating IOC (Indicators of Compromise)