About
Dedicated and results-driven SOC Analyst with over 4 years of hands-on experience in Security Operations, Incident Response, and Threat Detection. Proficient in monitoring, triaging, and responding to complex security incidents using tools such as Cortex XDR, CrowdStrike, SentinelOne, Splunk, QRadar, and Microsoft Sentinel. Experienced in analyzing phishing attacks, endpoint threats, and user behavior anomalies across cloud and hybrid environments using Azure AD, Entra ID, FortiSASE, FortiCASB, and Office Defender Cloud. Skilled in vulnerability management (Nessus), SIEM rule tuning, and integrating threat intelligence from platforms like Digital Shadows. Strong understanding of DLP, WAF, IDS/IPS, and security best practices. Familiar with Jira and ServiceNow for incident lifecycle management, and effective cross-team collaboration. Passionate about strengthening organizational security posture through proactive threat hunting, process automation, and continuous improvement.
Work Experience
Senior SOC Analyst
Ncore Technologies
Sep 2024 - Present
Oversaw and evaluated security events using SIEM platforms like Splunk, QRadar, and Microsoft Sentinel. Executed real-time threat detection and incident response, utilizing Cortex XDR, FortiSASE, and FortiCASB. Analyzed suspicious Azure AD login attempts and account breaches, employing Azure AD, Entra ID, and Office Defender Cloud. Executed phishing investigations utilizing O365 Defender, Proofpoint, and KnowBe4, escalating confirmed threats. Established and managed incident tickets through Jira and ServiceNow, ensuring SLA adherence. Executed malware analysis, IOC correlation, and endpoint triage using CrowdStrike, SentinelOne, and Cortex XDR. Worked with threat intelligence tools, including Digital Shadows, to monitor external threats aimed at the organization. Investigated suspicious blockchain transactions and wallet interactions for potential fraud or malicious activity. Performed threat analysis on the web3 ecosystem, including DeFi protocols and crypto exchanges. Monitored wallet security risks including phishing, seed phrase compromise, and malicious DApps. Facilitated vulnerability remediation and reporting through Nessus, coordinating with IT teams for effective patching. Engaged in threat hunting, utilizing the MITRE ATT&CK framework, and produced comprehensive, deep-dive reports. Documented SOPs and IR workflows and maintained an enhanced SOC knowledge base for improved incident handling. Managed incident response activities, including the investigation and reporting of security breaches. Monitored network traffic for suspicious activity to prevent cyberattacks and data breaches. Partnered with various teams across the organization to strengthen the security posture.
Security Analyst
Adriot Cadentech pvt ltd
Mar 2023 - Sep 2024
Monitored alerts using Wazuh and QRadar, focusing on malware, phishing, and suspicious network behavior. Investigated and resolved endpoint alerts using SentinelOne and CrowdStrike Falcon EDR solutions. Responded to data loss prevention alerts through DLP and WAF configurations. Analyzed phishing attempts using KnowBe4 and reported false positives for tuning. Collaborated with the infrastructure, firewall, and security teams to block malicious IPs and domains. Utilized Jira and ServiceNow for ticketing, incident tracking, and root cause documentation. Supported the vulnerability management program by analyzing reports from Nessus and aligning remediation with business risk. Participated in internal security audits and ensured log compliance for AWS and hybrid environments. Worked with Logic Apps, XDR, and the ELK stack for custom correlation and alert visualization. Conducted security awareness and phishing simulations using KnowBe4.
SOC Analyst
Uber
Aug 2021 - Oct 2022
Provided 24/7 SOC support and triaged events from Splunk Logger and ESM dashboards. Conducted initial triage of phishing emails, malware alerts, and endpoint behavioral anomalies. Reported abnormal user behavior and login anomalies using Azure AD logs. Raised and tracked incidents in ServiceNow, ensuring resolution or escalation within defined SLAs. Utilized Proofpoint and O365 Defender to identify and quarantine suspicious emails. Documented incident response steps and supported RCA creation. Monitored cloud and on-premises environments using SIEM and reported deviations from normal baselines. Escalated confirmed events to the IR team and tracked remediation progress. Generated shift handover reports, ensuring incident continuity and resolution tracking.
Education
BTECH - Raghu Engineering College
- 2018 · Afghanistan