About
Highly skilled Security Operations Center (SOC) Analyst with proven expertise in threat detection, incident response, digital forensics, and vulnerability management across enterprise environments. Successfully handled 50+ ransomware and malware incidents, preventing potential data loss and reducing business downtime by up to 40%. Proficient in SIEM, EDR, and XDR platforms for real-time monitoring, alert triage, and rapid threat mitigation, including phishing, lateral movement, and advanced persistent threats (APTs).
Skills & Expertise (26)
Work Experience
Security Analyst L1
ConnectWise LLP
Jun 2023 - Present
Lead the investigation and response of high-severity (P1/P0) security incidents, ensuring rapid containment, eradication, and recovery to minimize business impact. Execute the complete incident response lifecycle (identification, containment, eradication, and recovery) for a wide range of cyber threats such as ransomware, malware, and lateral movement, and conduct root cause analysis to prevent recurrence.

Perform advanced threat hunting and detection engineering using KQL in Microsoft Defender and log correlation in Splunk to identify sophisticated attack patterns, lateral movement, and persistence mechanisms. Utilize NG SIEM and Splunk for centralized log monitoring and investigation of security events across large-scale environments. Conduct log correlation across multiple sources to detect anomalies, suspicious activities, and indicators of compromise (IOCs).

Monitor and analyze security events across endpoints, servers, cloud, firewalls, IDS/IPS, and mobile devices within EDR/MDR/XDR platforms using SentinelOne, Bitdefender, and Microsoft Defender for Endpoint. Manage and secure large-scale endpoint environments by investigating high volumes of alerts across thousands of endpoints, performing deep analysis of process trees, command-line executions, and file behaviors to validate threats and reduce false positives. Analyze process chains, endpoint telemetry, and system behavior to identify advanced and evasive threats.

Perform email security and phishing analysis using Mimecast and Microsoft Defender XDR. Analyze phishing emails, malicious attachments, and URL-based attacks to identify impersonation and social engineering attempts. Investigate email headers, sender reputation, and embedded links for accurate threat validation. Execute remediation actions including email blocking, quarantine management, and safe release of legitimate emails after thorough verification.

Maintain comprehensive documentation of incidents, investigation findings, and response actions within ticketing systems, ensuring compliance with SOC processes, audit requirements, and industry best practices. Deliver training sessions and mentor new team members, enabling effective onboarding and strengthening overall team capability.
Security Analyst (Intern)
Cetas Cyber
Oct 2022 - Dec 2022
Worked as a SOC Analyst using the Cetas UI to monitor incoming alerts and analyze logs from sources such as firewalls, proxies, and EDR tools. Investigated suspicious activity by correlating logs from multiple sources, including firewalls, IDS/IPS, and endpoint protection tools. Conducted basic log analysis to trace attacker behavior, created incident tickets, and escalated confirmed threats to senior analysts following SOC procedures. Documented security incidents and wrote detailed analysis reports to support incident response and future prevention. Gained hands-on experience with the incident response lifecycle: identification, containment, eradication, recovery, and lessons learned.
Education
Post-Graduation in Cyber Security - MIT WPU
2021 - 2022 · Afghanistan
Bachelor of Business Administration - Pune University
2018 - 2021 · Afghanistan
HSC - MSBTE
2016 - 2018 · Afghanistan
Certifications
No certifications added yet