About
Security Engineer with 3+ years of hands-on experience across SIEM engineering, endpoint detection, cloud security, and network defense. Proficient in Microsoft Sentinel and Splunk — building KQL detection rules, tuning alert thresholds, and delivering executive-grade dashboards across multi-client environments. Experienced in managing Zscaler ZIA/ZPA, Cloudflare WAF, and Fortinet Security Fabric at scale, with a track record of reducing false positives, eliminating policy complexity, and maintaining 99.9% uptime for critical platforms.
Skills & Expertise (32)
Work Experience
Security Engineer
WorldBank
May 2023 - Present
Created Azure Sentinel KQL detection rules for firewall anomalies, VPN brute force, and lateral movement across hybrid manufacturing networks.
Configured Azure Sentinel workbooks for real-time security posture visualization and executive reporting dashboards.
Tuned Splunk alert thresholds and suppression rules to reduce false positives, improving SOC analyst efficiency and ensuring high-fidelity detections aligned to the threat profile of the environment.
Built Splunk dashboards consolidating security telemetry from firewalls, endpoints, and identity sources, enabling real-time visibility into threat activity and compliance posture for SOC and management reporting.
Configured Cloudflare Bot Management with ML-based scoring to distinguish legitimate automation from malicious bot traffic.
Managed Fortinet Security Fabric for 4 manufacturing clients with 40+ FortiGate devices, ensuring continuous protection of OT/IT convergence environments.
Configured Zscaler ZIA/ZPA for 6,000+ users across 12 manufacturing plants, implementing URL filtering and cloud application security policies.
Configured Cloudflare Enterprise WAF for e-commerce and B2B portal platforms, protecting against OWASP Top 10 and API abuse with 99.9% uptime.
Monitored log ingestion pipelines, data connector health, and alert rule performance across multi-client environments.
Investigated GuardDuty findings categorized by severity — including reconnaissance, credential exfiltration, and crypto-mining indicators — triaging alerts, correlating with CloudTrail events, and escalating confirmed threats for incident response.
Configured CloudWatch metric alarms and log-based alerts to detect anomalous API call volumes, unauthorized access attempts, and resource configuration changes across AWS workloads.
Analyzed CloudTrail logs to detect privilege escalation attempts, IAM policy modifications, unauthorized console logins, and sensitive resource access — escalating high-risk events for immediate investigation.
Built and maintained workbooks, dashboards, and hunting libraries for SOC and executive reporting.
Performed quarterly FortiManager policy audits eliminating unused rules, reducing policy base complexity by 30%.
Documented security procedures and runbooks for 25+ recurring security operation scenarios, standardizing team response processes.
Investigated and triaged email threats flagged by Abnormal Security and Proofpoint — analyzing email headers, sender reputation, payload behavior, and attack patterns to determine scope, origin, and remediation actions.
Managed Proofpoint TRAP (Threat Response Auto-Pull) to automatically retract malicious emails from user mailboxes post-delivery, reducing dwell time and limiting exposure during active phishing campaigns.
Reviewed Abnormal Security threat logs and campaign reports to identify emerging BEC patterns and attacker TTPs, feeding findings into threat intelligence workflows and tuning detection baselines accordingly.
Monitored and validated Defender XDR alerts to identify endpoint threats — malware, ransomware, APTs.
Conducted proactive threat hunting using Defender advanced hunting tools and KQL.
Used Falcon EDR telemetry for threat hunting and IOC investigation in customer environments.
Performed both static and dynamic malware analysis using IDA Pro, Ghidra, Cuckoo Sandbox, Any.Run, and x64dbg.
Analyzed email headers, URLs, and attachments to determine phishing campaign origin and scope.
Monitored and investigated phishing alerts; triaged suspicious emails and escalated confirmed threats.
Education
B.Tech ECE - Swarnandhra College Of Engineering And Technology
Afghanistan
Certifications
No certifications added yet