Umar Farooque

Dubai

Summary

Cybersecurity Engineer with 5 years of experience specializing in cloud security, endpoint protection, Microsoft Defender, and SIEM operations. Proficient in securing hybrid and cloud environments, conducting security configuration assessments, and implementing Zero Trust principles. Experienced in threat detection and response using the MITRE ATT&CK framework, SIEM analytics, and advanced incident investigation. Skilled in vulnerability management, identity and access controls, and business continuity planning, with hands-on expertise in Azure, Microsoft Entra ID, Intune, Azure Arc, and the Defender ecosystem.

Overview

4 years of professional experience
1 Certification

Work History

Cyber Security Engineer

Cyber Shelter
08.2025 - Current
  • Engineered end-to-end Azure networking architectures, including VNets, Private Endpoints, Application Gateway (WAF), Front Door, Firewall, NSGs/ASGs, and load balancers, ensuring secure hybrid connectivity via ExpressRoute and site-to-site VPNs with private DNS, advanced routing, TLS encryption, and high availability.
  • Designed and executed comprehensive BCP/DR strategies leveraging Azure Site Recovery and Backup, implementing zone/region redundancy, immutable backups, key rotation, and secure secrets management, providing strong ransomware and disaster resilience.
  • Conducted organization-wide security configuration and gap assessments, identifying vulnerabilities, and migrating CrowdStrike EDR to Microsoft Defender for Endpoint (MDE) to enhance endpoint threat detection, response, and continuous monitoring.
  • Implemented Defender for Identity and Privileged Access Management (PAM), including role-based access control (RBAC) and least-privilege enforcement, securing sensitive accounts and critical resources across hybrid environments.
  • Developed High-Level Design (HLD) for Defender for Cloud, onboarding on-premises servers to Azure via Arc, deploying monitoring and security extensions, integrating with Defender for Endpoint, and executing phased UAT and production deployments.
  • Configured enterprise-wide MDM and MAM policies for corporate and BYOD devices, enforcing compliance standards, conditional access, and secure access to corporate data.
  • Managed vulnerability management programs across endpoints (MDE) and servers/assets (Tenable), tracking patching, remediation, and reporting new vulnerabilities.
  • Implemented Data Loss Prevention (DLP) and data classification policies to safeguard sensitive organizational information, ensuring regulatory compliance and preventing data exfiltration.
  • Implemented CSPM, integrating Microsoft Sentinel SIEM with Defender for Endpoint for centralized monitoring, advanced alert correlation, triage, investigation, and incident response.

CYBER SECURITY ENGINEER

CONCENTRIX
06.2023 - 07.2025
  • Led real-time security monitoring, alert triage, and incident response using Microsoft Sentinel, leveraging advanced KQL queries and custom analytics rules to detect, investigate, and escalate complex threats across cloud, identity, and endpoint environments.
  • Developed, tuned, and optimized SIEM correlation rules and detection logic to enhance signal fidelity, reduce false positives, and improve SOC operational efficiency.
  • Onboarded, normalized, and correlated telemetry from cloud services, network firewalls, endpoint platforms, and identity systems into Sentinel for centralized detection, investigation, and analytics.
  • Configured and managed Microsoft Defender for Endpoint, including advanced EDR deployment, Attack Surface Reduction (ASR) rules, automated remediation workflows, and endpoint hardening to strengthen threat visibility and containment.
  • Correlated identity, endpoint, network, and cloud telemetry in a unified XDR/SIEM environment to identify lateral movement, compromised credentials, and advanced attack patterns using integrated security data.
  • Implemented and enforced network security controls and firewall policy optimization; managed ingestion of firewall logs into SIEM to support enhanced threat analysis and anomaly detection.
  • Administered Microsoft Intune to ensure device compliance and configuration baselines, enforce Zero Trust Conditional Access, and secure corporate and BYOD devices across Windows, macOS, iOS, and Android platforms.
  • Enhanced identity security using Microsoft Entra ID (Azure AD): enforced Multi-Factor Authentication (MFA), Conditional Access policies, RBAC, and risk-based sign-in mitigation to uphold least-privilege principles.
  • Collaborated with cross-functional teams to perform vulnerability assessments using Tenable tools (e.g., Nessus/Tenable Vulnerability Management), driving prioritized remediation and mitigating security weaknesses.
  • Created and documented EDR/SIEM playbooks, runbooks, detection logic, and SOC operational procedures to support consistent response workflows and compliance standards.

ENDPOINT SECURITY ENGINEER

iEnergizer
12.2021 - 06.2023
  • Administer and optimize Microsoft Intune to enforce device compliance, configuration baselines, application protection policies, and Zero Trust conditional access across Windows, macOS, iOS, and Android endpoints.
  • Manage and configure Microsoft Defender for Endpoint, including EDR controls, threat detection settings, automated remediation workflows, patch validation insights, and endpoint hardening standards.
  • Monitor endpoint security posture through Defender dashboards and integrated reporting, including vulnerability and threat assessments, and collaborate with SOC/cloud teams to remediate risks.
  • Generate and analyze vulnerability assessment reports (e.g., missing patches, insecure configurations) from Defender and related security tools to prioritize remediation activities.
  • Coordinate with IT and security teams to implement patch management processes, verify deployment success, and reduce exposure windows across endpoints.
  • Configure and enforce Conditional Access policies in Microsoft Entra ID (Azure AD) to ensure secure, risk-based access and adaptive authentication.
  • Integrate endpoint telemetry and alerts with SIEM platforms (e.g., Microsoft Sentinel) for centralized threat visibility and investigation support.
  • Collaborate with cross-functional teams to align endpoint security controls with organizational standards and compliance requirements.

Education

BACHELOR OF TECHNOLOGY -

SAM GLOBAL UNIVERSITY

Skills

  • SIEM implementation and management
  • SOAR
  • Extended detection and response
  • Network detection and response
  • Kusto Query Language proficiency
  • Analytics Rule Tuning
  • Threat Intelligence
  • Firewall Log Integration
  • Network Traffic Analysis
  • Cloud Security Monitoring
  • Identity Security (IAM)
  • Conditional Access (Zero Trust)
  • Playbook Development
  • Network Security Controls

Certification

CCNA, SC-200, AZ-104

LANGUAGES

ENGLISH, URDU, HINDI, BENGALI
