SUBHANGANI PANDEY
About Candidate
I’m an enthusiastic IT professional with 1 year and 10 months of experience in Cyber Security Practices and Operations. I like learning new skills, embracing challenges head-on, persistently seeking solutions, and pushing boundaries that help me grow and gain quality experience.
Education
Work & Experience
Analyzed the business requirements and worked with the development team to understand the details of functional and non-functional requirements for web/online applications. Interacted with developers and business analysts to perform various types of testing throughout the Software Testing Life Cycle (STLC) and Bug Life Cycle (BLC). Provided weekly status updates showing the progress of the testing effort and the open issues to be resolved.
Experienced Security Analyst with a strong background in safeguarding digital assets, ensuring comprehensive protection from unauthorized access, and effectively mitigating risks. Proficient in Security Operations and SIEM management, with extensive experience in managing and optimizing Azure Sentinel deployments. My day-to-day tasks are as follows. Provide continuous monitoring and serve as an incident handler to identify, investigate, mitigate, and respond to cybersecurity events and incidents affecting the network or endpoints. Monitor and analyze security events to identify intrusions and malicious activity. Work on alerting use cases for detecting and responding to specific threats and adversary tactics, techniques, and procedures, and on reducing false positives. Create processes and playbooks, make recommendations, and promote the continuous improvement of the Security Operations Center's capabilities and the organization's security posture. Mentor and guide freshers to support their professional development and ensure the quality of the team's work.

Experience with Security Tools:

Azure Sentinel SIEM Tool: SIEM Management & Integration: Solid experience integrating cloud and on-prem servers and security event logs into the Microsoft Sentinel SIEM tool. Implemented alerts using KQL queries, enabling efficient log analysis and threat detection. Alert Rules and Incident Response: Created and managed alert rules tailored to specific security requirements, allowing timely identification of and response to potential threats.

Cisco ESA: Monitor and maintain the company’s network email system; provide input on messaging initiatives, maintain the email security infrastructure, and deploy security controls to manage and mitigate risks. Troubleshoot and resolve users' problems with and related to email systems. Manage inbound and outbound security rules for email (filtering, whitelists, spam, etc.). Create and maintain documentation for security procedures and protocols. Provide training and education for employees on email security best practices.

Microsoft Defender for Endpoint: Expertise in setting up and configuring Microsoft Defender for Endpoint to protect diverse devices such as Windows servers, VDIs, and Linux servers. Good experience in deploying Microsoft Defender for Endpoint on Linux servers and managing its policies. Used Ansible to create multiple playbooks that install MDE, configure daily updates, and manage MDE policies and exclusions on Linux servers. Experience in troubleshooting and remediating high CPU utilization alerts and anomalous situations caused by Defender.

Nexpose: Manage infrastructure vulnerabilities through Nexpose (running and scheduling scans, creating scan templates, asset handling, asset grouping, sites, report templates, exception handling). Assist teams with vulnerability resolution, including researching vulnerability solutions, addressing false positives to reduce system workloads, performing confirmation scans when appropriate, meeting regularly with the remediation team, and building reports to provide teams with the necessary data. Generate reports on a daily basis and execute the daily tasks. Review and advise on existing reports, and suggest reports that address current business use cases and track the relevant metrics for the Vulnerability Management program.

Other experience: Proficient in onboarding, offboarding, and managing different McAfee products. Actively participated in threat handling and remediation activities, effectively neutralizing malware and other security risks. Proficient in investigating and responding to security incidents using tools such as SIEM tools, ServiceNow, and other threat intelligence platforms.
Collaboration and Communication: A team player with good collaboration skills, working closely with cross-functional teams, stakeholders, and management to ensure effective security measures and incident response. Strong communication skills in presenting complex technical concepts to both technical and non-technical audiences.