About
SOC & EDR Analyst with 3.6+ years of experience in Tier 1/Tier 2 security operations across large enterprise environments. Proficient in alert triage, IOC/IOA analysis, threat hunting, and endpoint incident response using Microsoft Defender for Endpoint (MDE) and CrowdStrike Falcon. Hands-on experience with SIEM platforms including Microsoft Sentinel and DNIF, with KQL-based log analysis and threat detection. Experienced in phishing investigation, malware analysis (Windows), root cause analysis (RCA), and M365/Entra ID identity security. Holds SC-200 certification. Familiar with MITRE ATT&CK TTPs, NIST CSF, and ISO 27001 compliance requirements.
Work Experience
Cybersecurity Analyst (SOC / EDR Operations)
Tata Consultancy Services
Sep 2022 - Present
- Analysed, investigated, and resolved 20+ security tickets daily from SIEM and endpoint detection tools in alignment with defined SLAs and SOC/EDR workflows.
- Performed alert triage and prioritisation, including false positive reduction based on severity, impact, and threat relevance, for endpoint malware, phishing, and suspicious activity alerts.
- Monitored and analysed security events using Microsoft Sentinel and DNIF, performing log analysis, event correlation, and escalation of suspicious alerts with network traffic analysis.
- Investigated and responded to endpoint security incidents using Microsoft Defender for Endpoint (MDE) and CrowdStrike Falcon, including IOC/IOA analysis, alert validation, containment actions, and remediation support.
- Conducted root cause analysis (RCA) and identified threat actor TTPs using the MITRE ATT&CK framework, including detection of lateral movement, persistence, and privilege escalation techniques.
- Investigated phishing emails, suspicious email activity, and user-reported incidents, supporting remediation actions in Microsoft 365 environments with 95%+ SLA adherence.
- Reviewed and analysed identity-related alerts and sign-in activity in Microsoft 365 / Entra ID (Azure AD) through SIEM-integrated logs.
- Used Kusto Query Language (KQL) for log analysis and proactive threat hunting to identify suspicious patterns, anomalous behaviour, and indicators of compromise.
- Maintained accurate incident documentation, chain of custody records, investigation notes, and resolution details in ticketing systems (ITSM/BMC Helix) to support audit and compliance requirements.
- Executed SOC playbooks and standard operating procedures (SOPs) for common incident scenarios, including SOAR-integrated workflows.
- Coordinated with infrastructure and internal security teams to ensure effective incident response and resolution, with cross-team collaboration across shift rotations.
- Supported security audits by preparing incident reports and explaining endpoint security policies aligned with ISO 27001 compliance requirements.
- Served as the primary customer-facing SPOC for EDR operations across a 20,000+ endpoint environment, handling end-to-end customer queries including incident investigation, endpoint policy clarification, Secure Score improvement, and user-reported EDR issues, ensuring timely communication, remediation, and customer satisfaction.
- Supported shift handovers by documenting ongoing investigations and ensuring operational continuity across 24x7 SOC operations.
Education
Master of Science in Information Security (MSCIS), pursuing - Indira Gandhi National Open University (IGNOU)
2026 - Present · Afghanistan
Bachelor of Technology (B.Tech) - Punyashlok Ahilyadevi Holkar University, Solapur
2018 - 2022 · Afghanistan
Certifications
TryHackMe – Advent of Cyber 2025
TryHackMe · 2025