Karthik


Cybersecurity Analyst

3+ years experience · Profile score 88 · Excellent

About

Cybersecurity Analyst with 3+ years of experience as SOC Analyst L1/L2 in threat detection, incident response, and security operations, specializing in SIEM, EDR, and Email Gateway technologies. Dedicated to strengthening organizational security posture by proactively identifying and mitigating risks, optimizing monitoring systems, and ensuring compliance with industry standards. Aiming to apply my knowledge of advanced security tools and practices, while expanding my skills in new areas of cybersecurity and fostering team development.

Skills & Expertise (27)

Skill                  | Level        | Rating | Years Exp
Splunk                 | Advanced     | 8.2/10 | 3
QRadar                 | Advanced     | 8.0/10 | 3
Barracuda              | Advanced     | 8.0/10 | 3
Cisco Meraki           | Advanced     | 8.0/10 | 3
Palo Alto              | Advanced     | 8.0/10 | 3
Microsoft Defender     | Advanced     | 8.0/10 | 3
Carbon Black           | Advanced     | 8.0/10 | 3
Google Chronicle       | Advanced     | 8.0/10 | 3
Recorded Future        | Intermediate | 7.5/10 | 3
Anomali                | Intermediate | 7.5/10 | 3
Zscaler                | Intermediate | 7.5/10 | 3
Forcepoint             | Intermediate | 7.5/10 | 3
GuardDuty              | Intermediate | 7.0/10 | 3
Azure                  | Intermediate | 7.0/10 | 3
Wiz                    | Intermediate | 7.0/10 | 3
Jira                   | Intermediate | 7.0/10 | 3
AbuseIPDB              | Intermediate | 6.5/10 | 3
MITRE ATT&CK Framework | Intermediate | 6.5/10 | 3
Cyber Kill Chain       | Intermediate | 6.5/10 | 3

Additional skills (no rating listed): ServiceNow, Check Point, CrowdStrike, SentinelOne, KnowBe4, Proofpoint, Microsoft O365, Microsoft Sentinel

Work Experience

SOC Analyst L1/L2

Wipro

Aug 2022 - Present

- Continuously monitor and triage security alerts using the Splunk, QRadar, Microsoft Sentinel, and Google Chronicle SIEM platforms.
- Perform initial alert triage to evaluate severity, confidence, and impact across all monitored systems.
- Analyze and correlate events across SIEM, EDR, email, network, proxy, and cloud data sources.
- Investigate endpoint alerts using SentinelOne, CrowdStrike, Carbon Black, and Microsoft Defender for Endpoint.
- Review endpoint process trees, command-line executions, parent-child relationships, and persistence indicators in SentinelOne and CrowdStrike.
- Monitor and analyze email phishing, impersonation, and malware alerts using Microsoft O365 Defender, Proofpoint, and KnowBe4.
- Perform detailed phishing analysis covering email headers, sender domains, URLs, and attachments.
- Investigate network and firewall security alerts on Palo Alto, Cisco Meraki, Check Point, and Barracuda firewalls.
- Analyze inbound and outbound traffic patterns, port activity, and policy violations across firewall platforms.
- Monitor and investigate web traffic and proxy alerts using Zscaler and Forcepoint.
- Analyze risky browsing behavior, blocked categories, and suspicious downloads in Zscaler and Forcepoint logs.
- Investigate identity-related alerts such as account lockouts, failed logins, password spray, brute force, and OAuth abuse.
- Correlate identity events across Azure AD / Entra ID, SIEM, and EDR platforms.
- Investigate IAM misuse, excessive permission-denied actions, API abuse, and misconfigurations in Azure and AWS.
- Enrich alerts using threat intelligence platforms including VirusTotal Enterprise, Recorded Future, and Anomali.
- Perform IP reputation and risk analysis using AbuseIPDB and VirusTotal to validate suspicious sources.
- Validate malicious indicators such as IPs, domains, URLs, and file hashes during investigations.
- Map security events and detection rules to the MITRE ATT&CK framework and the Cyber Kill Chain to identify attacker tactics and techniques.
- Identify attack stages such as Initial Access, Execution, Persistence, Privilege Escalation, and Lateral Movement.
- Perform root cause analysis by correlating multi-stage attacker behavior across telemetry sources.
- Assess alert patterns to distinguish true positives, false positives, and benign operational activity.
- Escalate confirmed security incidents based on severity, business impact, and SOC playbooks.
- Coordinate with cloud, network, IAM, email, and IT teams for validation and remediation.
- Document investigation details, evidence, and findings in the ServiceNow and Jira ticketing tools.
- Prepare clear technical summaries, investigation notes, and closure statements for each alert.
- Recommend remediation actions such as IOC blocking, password resets, MFA enforcement, or policy updates.
- Support alert tuning and detection logic refinement to reduce false positives in SIEM platforms.
- Track recurring alerts and contribute to continuous SOC process and detection improvement.
- Participate in shift handovers and provide accurate updates on open incidents.
- Monitor post-incident activity to confirm containment and no recurrence.
- Prepare and share weekly security reports summarizing alerts, incidents, trends, and key risks.
- Maintain compliance with SOC SLAs, incident response procedures, and security standards.

Education

BTech - Acharya Nagarjuna University

- 2022 · Afghanistan

Certifications

No certifications added yet


Profile Score Breakdown

Photo       10/10
Resume      10/10
Job Title   10/10
Bio         10/10
Skills      20/20
Education   10/10
Experience  13/15
Rate         0/5
Certs        0/5
Verified     5/5
Total Score 88/100

Profile Overview

Member since Jun 2026