About
SOC Analyst with 2.3+ years of experience in Security Operations, specializing in threat monitoring, alert triage, incident response, and security event analysis across enterprise and MSSP environments. Hands-on experience with SIEM tools, EDR solutions, and email security platforms for detecting and mitigating phishing, malware, and endpoint security incidents. Skilled in utilizing OSINT techniques and the MITRE ATT&CK Framework for threat analysis and incident investigation. Proficient in Root Cause Analysis (RCA), SLA management, SOP development, and collaborating with cross-functional teams in 24/7 SOC environments. Strong understanding of cybersecurity operations with a commitment to continuous learning and delivering effective security solutions.
Skills & Expertise (17)
Work Experience
SOC Analyst
Vault Infosec
Feb 2025 - Present
Monitored and analyzed security alerts via Seceon & Microsoft Sentinel through ITSM platforms in an MSSP environment.
Managed endpoint security alerts by investigating incidents using SIEM and EDR tools, identifying false positives and true positives, and executing appropriate response actions.
Performed alert triage to distinguish false positives from genuine threats, escalating suspicious activities and ensuring SLA compliance across all client environments.
Conducted email security investigations by analyzing SPF, DKIM, and DMARC records; investigated phishing, spam, and legitimate emails from ticketing queues, and implemented mitigation actions including malicious URL blocking and email quarantine using Proofpoint.
Performed incident remediation activities including removal of malicious files, endpoint isolation, network containment, and execution of security scans based on severity.
Performed Root Cause Analysis (RCA) on security incidents to identify impact, vulnerabilities, and risk exposure.
Understanding of ISO 27001 information security management standards.
Conducted OSINT-based investigations to validate, enrich, and mitigate security incidents.
Raised tickets for validated incidents with detailed analysis, remediation recommendations, and documented findings for continuous improvement.
Prepared and delivered daily, weekly, and monthly security reports on alert statuses, incident summaries, and overall security posture.
Developed and maintained Standard Operating Procedures (SOPs) to improve consistency and efficiency in security operations.
Collaborated with cross-functional teams to resolve security incidents while ensuring adherence to SLAs.
Experience in implementing and managing solutions for security and infrastructure environments.
SOC Analyst
Positka
Apr 2024 - Dec 2024
Monitored real-time security events and analyzed logs using Splunk SIEM and Microsoft Defender for Endpoint to detect, investigate, and respond to potential security threats.
Performed alert triage by distinguishing false positives from genuine threats, escalating confirmed incidents to senior analysts while ensuring SLA compliance across multiple client environments.
Investigated and responded to security incidents across three client environments, performing containment, eradication, and remediation activities to minimize organizational impact.
Conducted phishing email investigations by analyzing malicious emails, suspicious URLs, and email authentication protocols including SPF, DKIM, and DMARC to mitigate social engineering attacks.
Solid knowledge of security practices and essential security technologies (AV, EDR, SIEM, WAF, DLP, IDS/IPS).
Understanding of the use of the Nessus vulnerability assessment tool.
Created and managed incident tickets with detailed investigation findings, root cause analysis (RCA), and remediation recommendations using ITSM processes.
Analyzed client-specific network architectures and security controls to improve threat detection accuracy and incident response effectiveness.
Developed and maintained Standard Operating Procedures (SOPs) for SOC use cases, improving operational efficiency and workflow consistency.
Collaborated with clients and internal teams through escalations and meetings, documenting Minutes of Meeting (MOM) and providing actionable threat intelligence insights.
Prepared daily operational reports including alert summaries, incident status updates, SLA metrics, and ticket resolution statistics.
Education
Bachelor of Technology (B. Tech) - Sagi Rama Krishnam Raju Engineering College (SRKR)
2019 - 2023 · Afghanistan
Certifications
No certifications added yet