About
Senior Security Analyst with 6+ years of professional experience (plus internship) in 24×7 Security Monitoring, Alert Triage, and Incident Response across enterprise environments. Proficient in SIEM and EDR technologies, including Splunk, Microsoft Sentinel, CrowdStrike Falcon, and Microsoft Defender for Endpoint. Skilled in Log Analysis, Threat Detection, Incident Investigation, and Root Cause Analysis (RCA) aligned with SOC playbooks and SLA requirements. Experienced in Phishing Analysis, IOC Investigation, and mapping threats to the MITRE ATT&CK framework. Seeking a SOC Analyst role to advance expertise in Threat Hunting and Advanced Threat Analysis.
Skills & Expertise (84)
Work Experience
Senior Security Analyst
Cybercarve Technologies (OPC) Private Limited
May 2024 - Present
Performed 24×7 Security Monitoring and Alert Triage using Splunk, Microsoft Sentinel, and CrowdStrike Falcon across endpoint, network, and cloud environments. Investigated security alerts and incidents related to malware, phishing, brute force attacks, and unauthorized access attempts. Conducted EDR-based investigations by analyzing process trees, command-line activity, file hashes, and endpoint telemetry. Analyzed logs from firewalls, IDS/IPS, endpoints, and Azure cloud environments to identify suspicious activity and potential security incidents. Performed incident validation and escalation to L2/L3 teams with proper analysis, supporting evidence, and SLA adherence. Correlated multi-source logs including cloud, endpoint, and network telemetry to identify attack patterns, lateral movement, and abnormal user behavior. Performed Root Cause Analysis (RCA) to determine attack vectors, impacted assets, and recommended remediation actions. Investigated Microsoft 365 DLP incidents (Microsoft Purview) to identify data exfiltration risks and insider threats. Conducted phishing and email security analysis using Microsoft Defender for Office 365, including header analysis and malicious URL investigation. Performed risk-based alert prioritization based on severity, asset criticality, and business impact. Worked in Microsoft Sentinel (Azure SIEM) for security monitoring, log analysis, and alert investigation in cloud and hybrid environments. Analyzed Azure Active Directory (Azure AD) sign-in logs and audit logs to detect suspicious authentication patterns and unauthorized access attempts. Investigated cloud security incidents in Azure environment, including risky sign-ins, abnormal user behavior, and identity-based attacks. Applied cloud security principles in Azure, including identity monitoring, access validation, and security event correlation. Supported incident response in cloud environments by correlating Azure logs with endpoint and network telemetry for full attack visibility. Used Microsoft Sentinel analytics rules and dashboards (workbooks) for cloud threat detection and investigation. Developed and refined SIEM detection use cases for identifying brute force attempts, suspicious PowerShell execution, and anomalous authentication behavior. Performed basic threat hunting activities by proactively analyzing logs and identifying suspicious patterns beyond triggered alerts. Contributed to improving detection coverage and alert quality by recommending enhancements to SIEM rules and EDR detection logic. Reduced false positives by tuning SIEM rules and improving detection logic. Collaborated with team members to support incident response and threat containment activities.
Security Analyst
Skillfied Mentor
Feb 2020 - Feb 2021
Supported security monitoring and alert triage using SIEM tooling in a supervised SOC environment; assisted with phishing email analysis, suspicious login investigation, and endpoint alert review under senior analyst guidance. Applied the MITRE ATT&CK framework for basic threat mapping; developed foundational skills in log analysis, incident validation, escalation procedures, and SOC documentation practices.
Security Analyst
Crystal Management Services Pvt Ltd
April 2021 - May 2024
Performed 24/7 shift-based L1/L2 security monitoring and alert triage using Splunk (SPL), IBM QRadar, and CrowdStrike Falcon across endpoint and network environments. Leveraged IBM QRadar for real-time event correlation and offence management — creating custom rules, building AQL queries to investigate multi-source log data, and managing offence workflows to prioritise and close incidents within SLA. Used IBM QRadar's Network Insights and flow data to detect anomalous network behaviour, lateral movement indicators, and potential data exfiltration paths, enriching endpoint alerts with network context for comprehensive incident triage. Configured IBM QRadar log sources, DSMs, and custom event properties to onboard new data feeds from firewalls, endpoints, and identity platforms, improving detection coverage and reducing mean time to detect (MTTD). Proficient in CrowdStrike Falcon Query Language (FQL) — writing targeted FQL queries in Falcon Investigate and Discover to hunt for suspicious processes, network connections, file writes, and registry modifications across the endpoint fleet. Investigated alerts for malware infections, brute force and password spraying attempts, unauthorised access, ransomware indicators, and suspicious user activity — performing log analysis, endpoint telemetry review, and threat intelligence correlation for each case. Monitored network traffic and protocols (TCP/IP, DNS, HTTP/S) using NDR tooling to detect suspicious communication, C2 activity, and potential exfiltration. Analysed Windows Event Logs, logon events, and authentication activity (Kerberos/NTLM) to detect credential abuse, unauthorised access, and lateral movement; performed MITRE ATT&CK TTP mapping for all investigated incidents. Escalated validated incidents to L2/L3 teams with complete documentation — impact assessment, IOC lists, timeline reconstruction, and supporting evidence — ensuring smooth handoffs and on-time SLA closure. Contributed to SOC process improvements: shift handover standards, escalation matrix documentation, and triage workflow updates that reduced operational gaps across teams. Conducted log analysis across Windows Event Logs, Sysmon telemetry, firewall logs, and proxy logs using Splunk SPL — correlating multi-source data to identify attack patterns, reconstruct incident timelines, and support escalation with well-evidenced findings. Performed structured threat analysis on flagged alerts — assessing attack intent, scope, and potential impact by cross-referencing IOCs against threat intelligence feeds (VirusTotal, AbuseIPDB, Cisco Talos) and mapping behaviours to MITRE ATT&CK TTPs. Assisted in insider threat investigations by monitoring anomalous user behaviour including off-hours access, mass file downloads, unauthorised data transfers, and policy violations.
Education
Bachelor of Commerce (B.Com Computer Applications-75%) - Osmania University
- · Afghanistan
Intermediate (79%) - Sree Vignan Junior College
- · Afghanistan
Secondary Education (80%) - Zilla Parishad High School
- · Afghanistan
Certifications
No certifications added yet
Interested in this developer?
Profile Score Breakdown
Profile Overview
Availability Details
Visa Status
Citizen
Relocation
Depends on Offer
Skills (84)
Click a skill to find developers with the same skill