About
Competent professional with over 4 years of experience in ensuring delivery of quality SOC services, with sound knowledge of Security Information and Event Management (SIEM) and Security Operations Centre work as a senior information security analyst. Proven expertise in security incident analysis, SIEM tools, Microsoft 365 Defender, and managing proxy incidents.
Skills & Expertise (22)
Work Experience
Senior Security Analyst
Deloitte
Aug 2022 - Jan 2026
Performed 24/7 proactive security monitoring using SIEM dashboards and alerts in a rotational shift environment.
Monitored and investigated real-time security events from multiple log sources including firewalls, proxies, WAF, IPS, endpoints, and network devices.
Analyzed and triaged SIEM alerts using IBM QRadar, following defined runbooks and SOPs.
Identified notable security alerts and performed deep analysis by collecting logs, working with EDR and other supporting tools, escalating alerts, and tracking incidents until closure.
Detected, investigated, and responded to security incidents, intrusions, and suspicious or unauthorized activities.
Correlated security events and performed root cause analysis to validate alert legitimacy and impact.
Identified indicators of compromise (IOCs) that needed further investigation and developed use cases and rules.
Developed runbooks for blocked WAF signatures, automating enrichment and triage steps that minimized false positives for critical infrastructure.
Investigated reported emails to determine the nature of alleged threats: phishing, BEC, malware, non-malicious, or scam.
Created, documented, and managed security incidents, providing recommendations and assigning them to appropriate teams.
Utilized Cortex XSOAR for automated enrichment and triage of QRadar alerts.
Coordinated with cross-functional teams such as Threat Hunting.
Reviewed QRadar proxy traffic and device events for suspicious patterns, identifying risks and recommending detection improvements.
Defined correlation rules and fine-tuned existing rules to improve performance and reduce false positives, generating alerts for true security incidents.
Tuned QRadar alerts for WAF blocks, user analytics, and data transfers by raising thresholds and adding whitelists, cutting false positives while maintaining threat coverage.
Prepared and maintained SOC daily/weekly reports and shift handover documentation to support continuous operations.
Trained new employees, provided relevant information, and encouraged a process of continued, self-directed learning.
Education
Bachelor of Engineering - Navodaya Institute of Technology
Afghanistan
Certifications
No certifications added yet
Availability Details
Visa Status
Citizen
Relocation
Open to Relocation