About
SOC Analyst with 3.5+ years of experience in 24×7 Security Operations Centers, specializing in SIEM monitoring, alert triage, EDR/XDR investigations, incident response, phishing and malware analysis, and identity security. Hands-on expertise with Microsoft Sentinel, IBM QRadar, FortiSIEM, Microsoft 365 Defender, CrowdStrike, and SentinelOne. Strong understanding of MITRE ATT&CK, IOC analysis, and SLA-driven SOC operations.
Work Experience
Security Analyst
Cloud4C Services Pvt. Ltd.
Oct 2024 - Present
Work in a 24×7 SOC environment, monitoring, triaging, and responding to 30–50 security alerts per shift using Microsoft Sentinel, Microsoft 365 Defender, IBM QRadar, and FortiSIEM, ensuring 100% SLA compliance. Investigate EDR/XDR alerts from SentinelOne and CrowdStrike, analyzing hashes, command-line arguments, file paths, IPs, domains, and geolocation to validate true positives and reduce false positives. Perform phishing and email security investigations using Microsoft 365 Defender (Exchange Online Protection, EOP) by analyzing headers, attachments, URLs, and sender reputation. Conduct static and dynamic malware analysis, identifying malicious indicators and providing manual remediation guidance when automated containment is not triggered. Detect and respond to brute-force attacks and suspicious authentication attempts by correlating SIEM alerts with Azure AD and other identity logs. Investigate IPs matched against IOCs, analyze firewall/proxy actions (deny, drop, reset), review bytes transferred, and block IPs exhibiting abnormal or suspicious behavior. Analyze Azure AD sign-in logs to identify sign-in attempts against disabled accounts, anomalous locations, unfamiliar devices, and impossible travel events. Participate in major incident bridge calls, assist with root cause analysis (RCA), and support post-incident reporting and documentation.
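As an added illustration that is not part of the profile above, the following Python shows the detection logic behind two of the alert types named in this role, a brute-force burst of failed logins and an impossible-travel pair of successful sign-ins, run over constructed sign-in records shaped like Azure AD sign-in log fields. The field names, IP addresses, coordinates, thresholds, and the 50126 result code used for "invalid credentials" are assumptions made for the example, not data or queries from any employer named on this page.

```python
"""Brute-force and impossible-travel detection over constructed sign-in records.
Added example; the events below are invented and shaped loosely like Azure AD
SigninLogs fields (time, user, result, ip, lat, lon). Assumed result codes:
0 = success, 50126 = invalid username or password."""
from collections import defaultdict
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt

HYD = (17.385, 78.487)    # Hyderabad (approximate city centre, assumed)
LON = (51.507, -0.128)    # London (approximate city centre, assumed)


def _ev(time, user, result, ip, latlon):
    return {"time": time, "user": user, "result": result, "ip": ip,
            "lat": latlon[0], "lon": latlon[1]}


# Constructed sample events (not real log data).
SAMPLE_EVENTS = [
    # alice: six failures in 2.5 minutes from one IP, then a success from that IP
    *[_ev("2024-11-03T08:%02d:%02dZ" % divmod(30 * i, 60), "alice@example.com",
          50126, "203.0.113.10", HYD) for i in range(6)],
    _ev("2024-11-03T08:03:00Z", "alice@example.com", 0, "203.0.113.10", HYD),
    # bob: success in Hyderabad, then success in London one hour later
    _ev("2024-11-03T09:00:00Z", "bob@example.com", 0, "198.51.100.7", HYD),
    _ev("2024-11-03T10:00:00Z", "bob@example.com", 0, "192.0.2.44", LON),
    # carol: two failures (below threshold) and two successes from the same city
    _ev("2024-11-03T09:00:00Z", "carol@example.com", 50126, "198.51.100.9", HYD),
    _ev("2024-11-03T09:00:05Z", "carol@example.com", 50126, "198.51.100.9", HYD),
    _ev("2024-11-03T09:00:20Z", "carol@example.com", 0, "198.51.100.9", HYD),
    _ev("2024-11-03T09:30:00Z", "carol@example.com", 0, "198.51.100.12", HYD),
]


def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two WGS84 points."""
    dlat, dlon = radians(lat2 - lat1), radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def detect_brute_force(events, threshold=5, window=timedelta(minutes=10)):
    """Flag (user, ip) pairs with >= threshold failures inside a sliding window.
    Also records whether a success from the same IP followed the burst, which
    is what turns a noisy failed-login alert into a likely true positive."""
    fails, successes = defaultdict(list), defaultdict(list)
    for e in events:
        (successes if e["result"] == 0 else fails)[(e["user"], e["ip"])].append(_ts(e["time"]))
    hits = []
    for key, times in fails.items():
        times.sort()
        for i in range(len(times)):
            j = i
            while j + 1 < len(times) and times[j + 1] - times[i] <= window:
                j += 1
            if j - i + 1 >= threshold:
                hits.append({"user": key[0], "ip": key[1], "failures": j - i + 1,
                             "first": times[i], "last": times[j],
                             "followed_by_success": any(t > times[j] for t in successes[key])})
                break
    return hits


def detect_impossible_travel(events, max_speed_kmh=900.0):
    """Flag consecutive successful sign-ins by one user whose implied speed
    exceeds max_speed_kmh (roughly airliner speed, an assumed threshold)."""
    per_user = defaultdict(list)
    for e in events:
        if e["result"] == 0:
            per_user[e["user"]].append(e)
    hits = []
    for user, evs in per_user.items():
        evs.sort(key=lambda e: _ts(e["time"]))
        for prev, cur in zip(evs, evs[1:]):
            dist = haversine_km(prev["lat"], prev["lon"], cur["lat"], cur["lon"])
            hours = (_ts(cur["time"]) - _ts(prev["time"])).total_seconds() / 3600
            speed = dist / hours if hours > 0 else (float("inf") if dist > 0 else 0.0)
            if speed > max_speed_kmh:
                hits.append({"user": user, "from_ip": prev["ip"], "to_ip": cur["ip"],
                             "distance_km": dist, "hours": hours, "speed_kmh": speed})
    return hits


if __name__ == "__main__":
    for h in detect_brute_force(SAMPLE_EVENTS):
        print("brute force:", h)
    for h in detect_impossible_travel(SAMPLE_EVENTS):
        print("impossible travel:", h)
```

On these constructed records only alice's IP trips the brute-force rule (carol's two failures stay under the threshold), and only bob's Hyderabad-to-London pair trips impossible travel; carol's two successes are from different IPs in the same city, so the implied speed is zero. The same window, threshold, and speed parameters are the knobs an analyst would tune to keep the false-positive rate down in a real SIEM rule.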
Associate Security Analyst
SenSen Networks
May 2021 - Feb 2024
Worked as part of a Security Operations Center (SOC), monitoring and investigating alerts using IBM QRadar SIEM. Performed real-time alert monitoring, triage, and initial investigation in accordance with SLA and SOP requirements. Investigated Windows security events, including user account creation, deletion, and privilege escalation. Analyzed authentication-related alerts, including multiple failed login attempts and suspicious logins. Monitored network security events, including firewall allow/deny actions, WAF-blocked requests, and malicious IP activity. Reviewed network traffic logs and executed response actions, including blocking malicious IP addresses. Investigated abnormal data transfer events to identify potential data exfiltration or compromised systems. Documented incidents and prepared incident reports, daily SOC reports, and weekly/monthly security reports for audits and management.
Education
Bachelor of Technology (Mechanical Engineering) - Jaya Mukhi Institute of Technological Sciences (JNTUH)
2014 - 2018 · Afghanistan
Intermediate - Sri Narayana Junior College
- 2014 · Afghanistan
SSC - Thapar Vidya Vihar
- 2012 · Afghanistan