About
Security Operations Analyst with hands-on experience in a self-built enterprise SOC lab, specializing in SIEM-based threat detection, log analysis, alert triage, and incident investigation. Proficient in Wazuh, SIEM, ELK Stack, Wireshark and Python scripting for security monitoring. Strong understanding of TCP/IP, firewall, IDS, IPS, VPN, and endpoint security concepts. Experienced in phishing email analysis, threat detection and mapping attacker techniques to the MITRE ATT&CK framework.
Work Experience
SOC Monitoring & Incident Response
Enterprise SOC Lab
Sep 2025 - Nov 2025
Built a multi-machine SOC lab (Windows Server + Ubuntu endpoints) with Wazuh SIEM and ELK Stack for centralized log ingestion, correlation, and real-time security monitoring across all endpoints. Monitored Windows Event IDs 4625, 4672, 4688, and 4698 to detect brute-force attacks, privilege escalation, process injection, and scheduled task persistence; configured Sysmon with custom rules for deep endpoint visibility. Developed and tuned 15+ custom Wazuh detection rules for SSH brute-force, unauthorized sudo, port scanning, and suspicious PowerShell execution — reducing false positives by refining correlation thresholds and log filters. Executed structured alert triage (P1–P3 severity), performed root cause analysis, and mapped all findings to MITRE ATT&CK: T1110 (Brute Force), T1078 (Valid Accounts), T1046 (Network Scanning), T1053 (Scheduled Task). Built Kibana dashboards for alert trends, top offending IPs, and authentication heatmaps; analysed PCAP files using Wireshark to detect SYN floods, DNS exfiltration, and lateral movement indicators. Captured and analysed network traffic using Wireshark to identify SYN flood attempts, cleartext credential transmission over FTP/Telnet, suspicious DNS exfiltration patterns, and abnormal lateral movement traffic between lab hosts. Documented complete incident reports including timeline, evidence, ATT&CK mapping, and remediation steps — following structured SOC runbook and IR playbook standards.
Vulnerability Assessment
Simulated Enterprise Environment
Dec 2025 - Jan 2026
Conducted the full VA lifecycle — scoping, host discovery, service enumeration, vulnerability scanning, exploitation validation, and reporting — across intentionally vulnerable Windows and Linux targets in an isolated lab. Used Nmap for full-port scans, service version detection, and OS fingerprinting; identified exposed RDP, SMB, and SSH services and cross-referenced them with CVE databases to assess exploitability and patch gaps. Identified OWASP Top 10 vulnerabilities (SQLi, XSS, Broken Auth) using OWASP ZAP; validated critical findings using Metasploit — mapped attack vectors to MITRE ATT&CK T1190, T1021, and T1059. Performed basic exploitation attempts in an isolated lab using Metasploit to validate an identified vulnerability (EternalBlue on unpatched SMB), gaining hands-on understanding of how attackers move from initial access to compromise. Delivered a structured assessment report with executive summary, CVSS v3.1 risk ratings, evidence screenshots, and prioritized remediation recommendations — mirroring a real-world penetration testing deliverable.
Education
Mechanical Engineer
2018 - 2024 · India
Certifications
AI-Powered Cyber Security
Frontlines Edu Tech · 2026
Availability Details
Relocation
Open to Relocation