Ashish Jadiga

SOC Analyst

Pune, India

About

Experienced SOC Analyst with 4+ years of experience in Splunk ES SIEM, Microsoft Defender for Endpoint, O365 Defender, SentinelOne EDR/XDR, and Defender for Cloud. Expertise in phishing investigation, malware analysis, Windows and PowerShell alerts, persistence and lateral movement detection, C2C, proxy, network, IDS/IPS alerts, and incident response. Strong background in security monitoring, threat hunting, and incident handling in enterprise SOC environments.

Skills & Expertise (17)

Splunk SIEM (Advanced): 8.5/10, 4 years experience
Microsoft Sentinel (Advanced): 8.4/10, 4 years experience
SentinelOne (Advanced): 8.4/10, 4 years experience
Microsoft Defender for Endpoint (Advanced): 8.4/10, 4 years experience

Other skills: PowerShell, MITRE ATT&CK, Windows, Persistence, Lateral Movement, Credential Theft, Phishing, malware, PowerShell logs, proxy logs, IDS, Firewall Logs, Windows Event Logs

Work Experience

IT Security Analyst

Network Intelligence

Sep 2019 - Dec 2021

- Worked in a 24/7 Network Operations Center (NOC) providing continuous monitoring and support.
- Monitored network devices, including routers, switches, firewalls, and servers, using monitoring tools.
- Identified and responded to network alerts such as link down, high latency, packet loss, and CPU/memory utilization.
- Conducted phishing investigations using Microsoft 365 Email Security.
- Investigated password spray, brute-force, and risky sign-in alerts.
- Analyzed Windows Security, PowerShell, firewall, proxy, and IDS/IPS logs.
- Investigated malware, process injection, and persistence mechanisms.
- Performed host isolation, IOC blocking, and password resets.

SOC Analyst

KPIT Technologies

Jan 2022 - Present

- Performed 24/7 security monitoring and alert triage using Splunk SIEM and SentinelOne across Windows endpoints, servers, network, and cloud environments.
- Investigated Windows security alerts related to successful and failed logons, abnormal authentication attempts, and suspicious account activities.
- Investigated Windows operating system alerts related to logon activity, privilege usage, process execution, and system changes.
- Investigated password spray attacks by identifying multiple authentication failures across numerous accounts from single or distributed source IPs.
- Detected and responded to pass-the-hash attacks by analyzing NTLM authentication patterns, abnormal SMB sessions, and lateral authentication behavior.
- Investigated Kerberos authentication alerts including brute force attempts, ticket misuse, and suspicious service ticket requests.
- Analyzed Azure AD sign-in alerts for impossible travel, risky sign-ins, legacy authentication abuse, and suspicious login locations.
- Investigated Azure AD audit logs for role assignments, conditional access changes, and suspicious service principal activities.
- Investigated PowerShell execution alerts, including encoded and obfuscated commands, remote PowerShell usage, and suspicious script behavior.
- Analyzed scheduled task creation and modification alerts used as persistence mechanisms on compromised systems.
- Investigated persistence techniques including registry Run keys, startup folder changes, service creation, and WMI event subscriptions.
- Detected and investigated lateral movement alerts involving SMB, RDP, WMI, PsExec, and abnormal admin share access.
- Investigated suspicious file downloads, execution paths, and registry modifications associated with malware infections.
- Monitored and analyzed network-based alerts involving suspicious IP addresses, domains, and threat intelligence indicators.
- Investigated proxy-related alerts indicating suspicious outbound web traffic and access to malicious or newly registered domains.
- Responded to malicious process execution alerts by analyzing process trees, command-line arguments, and parent-child relationships using EDR tools.
- Analyzed command-and-control (C2) communication alerts by identifying beaconing behavior, suspicious DNS queries, and anomalous outbound connections.
- Investigated EDR/XDR alerts from SentinelOne and Microsoft Defender for Endpoint, including behavioral detections and exploit attempts.
- Performed host isolation, process termination, file quarantine, and remediation actions using EDR tools during active incidents.
- Investigated antivirus alerts related to trojans, ransomware, spyware, and backdoor malware infections.
- Conducted malware analysis using hash reputation, static file attributes, and behavioral indicators to confirm malicious activity.
- Investigated phishing alerts using Microsoft 365 Defender Email Security, analyzing headers, URLs, attachments, and sender reputation.
- Investigated malicious URL and attachment detonation alerts originating from email and endpoint security platforms.
- Correlated alerts across SIEM, EDR, email security, and identity platforms to validate true positive security incidents.
- Worked closely with IT and incident response teams to support containment, eradication, and recovery efforts.

Education

Bachelor of Technologies - Jawaharlal Nehru Technological University

2017 · Afghanistan

Certifications

No certifications added yet

Profile Overview

Member since Apr 2026