About
SOC Analyst with 5+ years of hands-on experience in Security Operations Center (SOC), SIEM engineering, threat detection, and incident response. Specialized in Splunk Enterprise Security and Microsoft Sentinel for detection engineering, use case development, and hypothesis-driven threat hunting. Strong expertise in malware analysis, MITRE ATT&CK mapping, alert tuning, and cloud security monitoring across Azure environments.
Work Experience
Senior SOC Analyst
Network Intelligence INDIA Pvt.Ltd
Jan 2023 - Jan 2026
- Developed Splunk correlation searches using SPL and Sentinel analytics rules using KQL for malware detection, credential abuse, lateral movement, and command-and-control activity.
- Performed hypothesis-driven threat hunting to identify advanced persistent threats (APTs), LOLBins abuse, PowerShell misuse, and anomalous authentication behavior.
- Conducted static and dynamic malware analysis to extract indicators of compromise (IOCs), persistence mechanisms, and execution techniques.
- Tuned SIEM alerts and correlation rules, reducing false positives by over 40% while improving detection accuracy.
- Integrated log sources including Windows Event Logs, Sysmon, EDR telemetry, Azure AD (Entra ID), Microsoft Defender, firewall, proxy, VPN, and DNS logs.
- Led incident response activities including alert triage, containment, root cause analysis (RCA), and post-incident reporting.
- Built Splunk dashboards and Sentinel workbooks for SOC visibility and operational monitoring.
- Built real-time correlation searches for brute-force attacks followed by successful login events.
- Performed proactive threat hunting in Microsoft Sentinel using KQL to detect password spray, impossible travel, MFA fatigue, and privilege escalation.
SOC Analyst
Sakeesoft Pvt.Ltd
Jan 2021 - Jan 2023
- Monitored and investigated security alerts from Splunk SIEM across endpoint, network, and cloud environments.
- Assisted in the development of baseline SIEM use cases and dashboards for SOC operations.
- Supported malware investigations through IOC analysis, sandbox execution, and threat intelligence enrichment.
- Documented incident response procedures, SOC runbooks, and detection logic.
- Collaborated with IT and security teams to remediate vulnerabilities and security incidents.
Security Analyst
CMS IT Services
Jan 2019 - Jan 2021
- Managed user accounts across Active Directory, Azure AD, and enterprise applications.
- Executed access provisioning/deprovisioning for new hires, transfers, and terminations.
- Implemented RBAC, access control matrices, and least privilege enforcement.
- Provisioned privileged/administrative access following approval workflows.
- Conducted access reviews and audit support.
Education
Bachelor of Engineering - Srinivas Institute of Technology
2018 · Afghanistan