About
Senior SOC Analyst with 7+ years of experience delivering 24x7 security operations, advanced incident response, and threat detection across enterprise environments. Proven ability in investigations, MTTR reduction, SIEM detection enhancement, and analyst mentoring. Hands-on expertise with Splunk ES, Microsoft Defender EDR, McAfee SIEM, and phishing response. Trusted partner to stakeholders for risk-based decision-making, SOC maturity improvement, and continuous security enhancement.
Skills & Expertise (56)
Work Experience
Specialist – Security Operations
Krones Digital Solutions
Jul 2025 - Jan 2026
Led incident response for a 24x7 SOC, handling high-severity security incidents across endpoint, identity, email, and cloud domains. Investigated and remediated alerts from Microsoft Defender EDR and Splunk ES, executing actions such as endpoint isolation, credential resets, IOC blocking, and containment. Reduced incident resolution time by driving structured triage, root-cause analysis, and coordinated remediation with IT and threat intelligence teams. Served as SME for phishing and account compromise investigations, analyzing headers, payloads, URLs, and malware artifacts. Collaborated with Threat Intelligence and Malware Analysis teams to ingest threat advisories, validate indicators, and perform IOC sweeps across the environment. Analyzed Azure Identity (Entra ID) alerts for risky sign-ins, privilege abuse, and identity-based attacks. Created and refined SIEM use cases, improved alert fidelity, and minimized false positives. Authored weekly executive reports highlighting incident trends, risk posture, and SOC KPIs. Mentored L1/L2 analysts, reviewed escalations, and enforced SOPs and SLA adherence.
Senior SOC Analyst
Fidelity National Financial
Aug 2022 - Jul 2024
Performed advanced alert triage and investigation across SIEM, EDR, email, and network security tools. Validated true positives, closed false positives, and escalated confirmed incidents with actionable remediation guidance. Conducted deep-dive threat analysis using SIEM correlation, log analysis, and endpoint telemetry. Supported incident response teams (IRT/SMEs) with forensic evidence, timelines, and containment recommendations. Executed threat hunting based on hypotheses aligned to emerging threats and MITRE ATT&CK techniques. Monitored and resolved silent log sources, ensuring continuous visibility and compliance. Compiled monthly vulnerability and risk reports for management and stakeholders. Participated in SOC governance meetings, shift handovers, and solution evaluations.
SOC Analyst
Gurutwa InfoTech (Client - BloomEnergy)
Aug 2018 - Jul 2022
Monitored and analyzed alerts from EDR, firewall, IDS/IPS, email gateway, cloud, and DLP sources. Owned end-to-end incident lifecycle from detection to closure, ensuring timely containment and mitigation. Managed Splunk knowledge objects including dashboards, saved searches, alerts, and correlation rules. Integrated and onboarded log sources (Windows, Linux, AD, firewalls, DNS, DLP) into SIEM platforms. Performed malware analysis and phishing investigations, identifying malicious indicators and attack vectors. Generated ad-hoc and scheduled reports for business and technical stakeholders. Conducted security control reviews and audits (firewall rules, DLP policies, AD permissions). Maintained SOC KPIs/KRAs, SLA compliance, and operational metrics.
Education
B.Tech (CSE) - P. D. A College of Engineering
- 2017 · Afghanistan
Certifications
No certifications added yet