About
SOC Analyst with 4+ years of experience in 24×7 enterprise environments at Infosys, managing the end-to-end incident response lifecycle across Splunk, Microsoft Defender, CrowdStrike, SentinelOne, and KnowBe4. Skilled in SIEM, SOAR, threat intelligence, and vulnerability management, with strong expertise in phishing/malware triage, Azure AD anomaly detection, DLP investigations, and MITRE ATT&CK-based threat hunting across 2,000+ endpoints.
Work Experience
SOC Analyst
Infosys Limited
Nov 2023 - Present
Investigated and managed 15–25 security incidents daily across the full incident response lifecycle, performing in-depth log analysis and threat detection using Splunk and Microsoft Sentinel; improved response efficiency by 15% and reduced MTTR.
Conducted proactive threat hunting across 2,000+ endpoints using Microsoft Defender and SentinelOne, identifying and containing 2–4 previously undetected threats per month by correlating behavioral IOCs with intelligence from VirusTotal and Hybrid Analysis.
Examined data exfiltration incidents using Microsoft Purview DLP; identified policy gaps leading to high false positives and implemented tuning recommendations that reduced alert noise by ~15%.
Analyzed Azure AD Sign-in and Audit Logs to detect and respond to brute-force attempts, credential stuffing, and impossible travel scenarios, strengthening identity security monitoring.
Reduced phishing triage turnaround time by 20% by developing a structured triage workflow in KnowBe4; analyzed email headers, sender reputation, URLs, and attachments (sandboxing) to classify and contain threats before user impact, handling 8–10 cases weekly.
Generated daily, weekly, and monthly SOC reports highlighting incident trends, threat patterns, and detection gaps to improve overall security monitoring and response strategies.
SOC Analyst
Infosys Limited
Nov 2022 - Sep 2023
Monitored and triaged 20–40 security alerts per shift across Splunk SIEM, EDR, DLP, firewall, and Azure AD in a 24×7 SOC environment; consistently maintained a <10-minute initial triage SLA across all alert categories.
Performed L1 triage and validation of phishing, malware, DLP, and authentication alerts; applied standardized classification techniques that reduced false-positive escalations to L2 by 10–15%.
Conducted end-to-end phishing analysis, including email header inspection, URL analysis, and attachment sandboxing; correlated findings with SentinelOne endpoint telemetry to confirm malicious activity.
Monitored and analyzed Azure AD authentication logs to detect suspicious activities such as brute-force attempts, credential misuse, and anomalous geolocation access.
Probed Microsoft Purview DLP alerts to identify potential data exfiltration risks; validated incidents and escalated confirmed threats with detailed context.
Escalated 10–15 validated incidents per week to L2/L3 teams with comprehensive investigation notes documented in ServiceNow, improving incident response turnaround time by 15%.
Maintained and enhanced SIEM health and performance by identifying EPS spikes, detecting silent/missing log sources, and tuning alerts to reduce false positives; supported vulnerability triage and mapped attacker TTPs to the MITRE ATT&CK framework for effective escalation and reporting.
Education
Bachelor of Technology (B.Tech) - Amalapuram
2021 · Afghanistan
Certifications
Insta Award
Infosys SOC · 2025
Spot Award
2024
Availability Details
Visa Status
Need Sponsorship
Relocation
Open to Relocation