Back to Developers
Jaajam shiva shiva

Jaajam shiva shiva

SOC Analyst

Hyderabad, Telangana $20/hr Remote Full-time 3+ yrs exp 91 · Outstanding

About

Senior Security Analyst with 6+ years of professional experience (plus internship) in 24×7 Security Monitoring, Alert Triage, and Incident Response across enterprise environments. Proficient in SIEM and EDR technologies, including Splunk, Microsoft Sentinel, CrowdStrike Falcon, and Microsoft Defender for Endpoint. Skilled in Log Analysis, Threat Detection, Incident Investigation, and Root Cause Analysis (RCA) aligned with SOC playbooks and SLA requirements. Experienced in Phishing Analysis, IOC Investigation, and mapping threats to the MITRE ATT&CK framework. Seeking a SOC Analyst role to advance expertise in Threat Hunting and Advanced Threat Analysis.

Skills & Expertise (84)

Microsoft Sentinel Advanced
8.5/10
5
Years Exp
Incident Investigation & Response Advanced
8.3/10
5
Years Exp
Splunk Advanced
8.0/10
5
Years Exp
AWS Advanced
8.0/10
5
Years Exp
Cloud Security Monitoring Advanced
8.0/10
5
Years Exp
Threat Hunting Advanced
7.8/10
5
Years Exp
Log Analysis Advanced
7.7/10
3
Years Exp
Firewall Advanced
7.5/10
3
Years Exp
Malware Analysis Advanced
7.5/10
5
Years Exp
SIEM Rule Tuning Advanced
7.5/10
5
Years Exp
Azure Advanced
7.0/10
5
Years Exp
Phishing & Malware Analysis Advanced
7.0/10
5
Years Exp
Digital Forensics Intermediate
7.0/10
5
Years Exp
EDR Advanced
7.0/10
5
Years Exp
Phishing Analysis Advanced
7.0/10
5
Years Exp
Python Intermediate
6.5/10
5
Years Exp
Compliance Intermediate
6.5/10
5
Years Exp
ServiceNow Intermediate
6.0/10
5
Years Exp
XDR DLP Information security governance MITRE ATT&CK Mapping Jira IBM QRadar Microsoft Defender XDR DAST & SAST Network Enumeration Conditional Access Infrastructure as code with Terraform Docker-Compose Azure Kubernetes Service (AKS) Azure keyvault Azure Entra ID Cloud Security (Azure/AWS) LINUX Windows KQL Azure Key Vault MFA RBAC Entra ID WAF Fortinet CISCO Talos SPL Alert Triage Endpoint Investigation Threat Detection SentinelOne Microsoft Defender for Endpoint CrowdStrike Falcon Identity Protection Azure Active Directory Microsoft Azure Basic Threat Hunting IOC Handling Root Cause Analysis Incident Investigation MITRE ATT&CK AbuseIPDB URLScan VirusTotal Endpoint IPS IDS Burp Suite brute force Kali Linux URL investigation Header analysis Microsoft Purview Microsoft Defender for Office 365 Suricata Snort FortiGate Password Spraying WIRESHARK Nmap SMB HTTPS HTTP DNS IP TCP

Work Experience

Senior Security Analyst

Cybercarve Technologies (OPC) Private Limited

May 2024 - Present

Performed 24×7 Security Monitoring and Alert Triage using Splunk, Microsoft Sentinel, and CrowdStrike Falcon across endpoint, network, and cloud environments. Investigated security alerts and incidents related to malware, phishing, brute force attacks, and unauthorized access attempts. Conducted EDR-based investigations by analyzing process trees, command-line activity, file hashes, and endpoint telemetry. Analyzed logs from firewalls, IDS/IPS, endpoints, and Azure cloud environments to identify suspicious activity and potential security incidents. Performed incident validation and escalation to L2/L3 teams with proper analysis, supporting evidence, and SLA adherence. Correlated multi-source logs including cloud, endpoint, and network telemetry to identify attack patterns, lateral movement, and abnormal user behavior. Performed Root Cause Analysis (RCA) to determine attack vectors, impacted assets, and recommended remediation actions. Investigated Microsoft 365 DLP incidents (Microsoft Purview) to identify data exfiltration risks and insider threats. Conducted phishing and email security analysis using Microsoft Defender for Office 365, including header analysis and malicious URL investigation. Performed risk-based alert prioritization based on severity, asset criticality, and business impact. Worked in Microsoft Sentinel (Azure SIEM) for security monitoring, log analysis, and alert investigation in cloud and hybrid environments. Analyzed Azure Active Directory (Azure AD) sign-in logs and audit logs to detect suspicious authentication patterns and unauthorized access attempts. Investigated cloud security incidents in Azure environment, including risky sign-ins, abnormal user behavior, and identity-based attacks. Applied cloud security principles in Azure, including identity monitoring, access validation, and security event correlation. Supported incident response in cloud environments by correlating Azure logs with endpoint and network telemetry for full attack visibility. Used Microsoft Sentinel analytics rules and dashboards (workbooks) for cloud threat detection and investigation. Developed and refined SIEM detection use cases for identifying brute force attempts, suspicious PowerShell execution, and anomalous authentication behavior. Performed basic threat hunting activities by proactively analyzing logs and identifying suspicious patterns beyond triggered alerts. Contributed to improving detection coverage and alert quality by recommending enhancements to SIEM rules and EDR detection logic. Reduced false positives by tuning SIEM rules and improving detection logic. Collaborated with team members to support incident response and threat containment activities.

Security Analyst

Skillfied Mentor

Feb 2020 - Feb 2021

Supported security monitoring and alert triage using SIEM tooling in a supervised SOC environment; assisted with phishing email analysis, suspicious login investigation, and endpoint alert review under senior analyst guidance. Applied the MITRE ATT&CK framework for basic threat mapping; developed foundational skills in log analysis, incident validation, escalation procedures, and SOC documentation practices.

Security Analyst

Crystal Management Services Pvt Ltd

April 2021 - May 2024

Performed 24/7 shift-based L1/L2 security monitoring and alert triage using Splunk (SPL), IBM QRadar, and CrowdStrike Falcon across endpoint and network environments. Leveraged IBM QRadar for real-time event correlation and offence management — creating custom rules, building AQL queries to investigate multi-source log data, and managing offence workflows to prioritise and close incidents within SLA. Used IBM QRadar's Network Insights and flow data to detect anomalous network behaviour, lateral movement indicators, and potential data exfiltration paths, enriching endpoint alerts with network context for comprehensive incident triage. Configured IBM QRadar log sources, DSMs, and custom event properties to onboard new data feeds from firewalls, endpoints, and identity platforms, improving detection coverage and reducing mean time to detect (MTTD). Proficient in CrowdStrike Falcon Query Language (FQL) — writing targeted FQL queries in Falcon Investigate and Discover to hunt for suspicious processes, network connections, file writes, and registry modifications across the endpoint fleet. Investigated alerts for malware infections, brute force and password spraying attempts, unauthorised access, ransomware indicators, and suspicious user activity — performing log analysis, endpoint telemetry review, and threat intelligence correlation for each case. Monitored network traffic and protocols (TCP/IP, DNS, HTTP/S) using NDR tooling to detect suspicious communication, C2 activity, and potential exfiltration. Analysed Windows Event Logs, logon events, and authentication activity (Kerberos/NTLM) to detect credential abuse, unauthorised access, and lateral movement; performed MITRE ATT&CK TTP mapping for all investigated incidents. Escalated validated incidents to L2/L3 teams with complete documentation — impact assessment, IOC lists, timeline reconstruction, and supporting evidence — ensuring smooth handoffs and on-time SLA closure. Contributed to SOC process improvements: shift handover standards, escalation matrix documentation, and triage workflow updates that reduced operational gaps across teams. Conducted log analysis across Windows Event Logs, Sysmon telemetry, firewall logs, and proxy logs using Splunk SPL — correlating multi-source data to identify attack patterns, reconstruct incident timelines, and support escalation with well-evidenced findings. Performed structured threat analysis on flagged alerts — assessing attack intent, scope, and potential impact by cross-referencing IOCs against threat intelligence feeds (VirusTotal, AbuseIPDB, Cisco Talos) and mapping behaviours to MITRE ATT&CK TTPs. Assisted in insider threat investigations by monitoring anomalous user behaviour including off-hours access, mass file downloads, unauthorised data transfers, and policy violations.

Education

Bachelor of Commerce (B.Com Computer Applications-75%) - Osmania University

- · Afghanistan

Intermediate (79%) - Sree Vignan Junior College

- · Afghanistan

Secondary Education (80%) - Zilla Parishad High School

- · Afghanistan

Certifications

No certifications added yet

Interested in this developer?

Profile Score Breakdown

📷 Photo 10/10
📄 Resume 10/10
💼 Job Title 10/10
✍️ Bio 10/10
🛠️ Skills 20/20
🎓 Education 10/10
⏱️ Experience 11/15
💰 Rate 5/5
🏆 Certs 0/5
Verified 5/5
Total Score 91/100

Profile Overview

Member sinceFeb 2026
Work ModeRemote
AvailabilityFull-time

Availability Details

Visa Status

Citizen

Relocation

Depends on Offer