About
SOC Analyst with 3.6+ years in enterprise 24x7 SOC environments at Infosys, independently owning the full incident response lifecycle across Splunk, Cortex XSIAM, SentinelOne, and Microsoft Defender. Hands-on experience writing and deploying Splunk and XSIAM correlation rules that measurably reduced MTTD and false positives. Deep expertise in phishing and malware triage, Azure AD anomaly detection, DLP investigations, and MITRE ATT&CK-based threat hunting across 3000+ endpoints.
Work Experience
SOC Analyst – L2
Infosys Limited
Jul 2024 - Present
Investigated and managed 30–40 security incidents daily across the incident response lifecycle, performing deep log analysis and threat detection using Splunk and Cortex XSIAM, improving incident response efficiency by 20% and reducing MTTR.
Led proactive threat hunting campaigns across 3000+ endpoints using Microsoft Defender and SentinelOne — identified and contained 3–5 previously undetected threats per month by correlating behavioral IOCs in VirusTotal and Hybrid Analysis with SIEM telemetry.
Investigated data exfiltration incidents using Microsoft Purview DLP, identified policy gaps causing high false-positive rates, and recommended tuning changes that reduced noise by approximately 25%.
Analyzed and continuously reviewed Azure AD Sign-in and Audit Logs to detect brute force attacks, credential stuffing, and impossible travel scenarios.
Reduced phishing investigation time by 30% by developing a structured triage workflow in Abnormal AI — analyzed email headers, sender reputation, embedded links, and attachment sandboxing results to classify and contain threats before user impact, handling 10–15 phishing cases per week.
Independently owned the end-to-end detection use-case lifecycle, from identifying detection gaps to writing, testing, and deploying correlation rules in Splunk and Cortex XSIAM, resulting in a measurable reduction in mean time to detect (MTTD) and false positives.
Created and maintained SOC playbooks and incident response procedures for phishing, ransomware, insider threats, and cloud misconfigurations, aligned with NIST Cybersecurity Framework and ISO 27001 controls.
Prepared daily, weekly, and monthly SOC reports analyzing incident trends, threat patterns, and detection gaps to improve security monitoring effectiveness.
SOC Analyst – L1
Infosys Limited
Nov 2022 - Jun 2024
Monitored and triaged 40–60 security alerts per shift across Splunk SIEM, EDR, DLP, firewall, and Azure AD, maintaining a sub-15-minute initial triage SLA across all alert categories in a 24x7 environment.
Performed first-level triage and validation of phishing, malware, DLP, and authentication alerts — applied consistent classification criteria that reduced false positive escalations to L2 by 15–20%.
Analyzed phishing emails end-to-end, correlated findings with SentinelOne endpoint telemetry and Zscaler proxy logs, and documented file hashes and process trees as forensic artifacts for L2 escalation packages.
Monitored Azure AD authentication logs for suspicious login activity including brute force attempts and unusual geolocation access.
Reviewed Microsoft Purview DLP alerts to identify potential data leakage and escalated confirmed incidents.
Escalated 15–20 validated incidents per week to L2/L3 teams with detailed investigation findings documented in ServiceNow, improving incident response turnaround time by 25%.
Maintained and optimized SIEM health by identifying EPS spikes, detecting silent log sources, and reducing false positives through alert tuning; contributed to vulnerability triage activities and mapped attacker TTPs to MITRE ATT&CK for escalation documentation.
Education
Bachelor of Technology (B.Tech) - Majhighariani Institute of Technology & Science
- 2022 · Afghanistan
Certifications
Insta Award
Infosys SOC · 2025
Spot Award
Infosys SOC · 2024
Availability Details
Visa Status
Need Sponsorship
Relocation
Open to Relocation