About
Cybersecurity Analyst with 1.8+ years of experience in Security Operations, Threat Hunting, Incident Response, Vulnerability Management, and Endpoint Security. Skilled in investigating security incidents, IOC analysis, SIEM monitoring, phishing investigations, malware analysis, and detection engineering across enterprise environments. Hands-on experience with IBM QRadar, Microsoft Sentinel, CrowdStrike Falcon, SentinelOne, Carbon Black, Microsoft Defender, Bitdefender, Trend Micro, Darktrace, and Mimecast. Strong knowledge of MITRE ATT&CK, cloud security monitoring, AWS security services, Microsoft 365 Security, and automation using Python, SQL, PowerShell, and KQL.
Skills & Expertise (58)
Work Experience
Security Analyst - Endpoint Detection & Response (EDR)
SecurityHQ
Oct 2024 - Present
Investigated and triaged 200+ weekly alerts with 99% accuracy across SIEM, EDR, NDR, and CSPM platforms, including IBM QRadar, Sentinel, CrowdStrike, SentinelOne, Carbon Black, Bitdefender, and Defender.
Performed proactive threat hunting and IOC-driven investigations using MITRE ATT&CK and MITRE ATT&CK for Cloud TTPs, leveraging behavioral analytics to identify 15+ advanced threats.
Correlated endpoint, network, email, and cloud telemetry to investigate suspicious authentication attempts, IAM misuse, anomalous API calls, privilege escalations, and unauthorized access events across 100+ enterprise client environments.
Investigated 50+ phishing campaigns, malicious URLs, and email threats using Mimecast, Darktrace, and threat intelligence, reducing response time by 40% and blocking 90% of threats.
Supported endpoint and cloud incident containment, including host isolation, IOC blocking, IAM user suspension, access key revocation, and security group modifications, maintaining a 95%+ successful containment rate.
Assisted in cloud security monitoring involving AWS CloudTrail, GuardDuty, IAM investigations, and CSPM posture reviews, and flagged exposed storage and misconfigured workloads.
Validated tooling health across 500+ cloud workloads, ensuring 99%+ EDR visibility and resolving 50+ configuration issues monthly across managed environments.
Performed alert tuning, detection validation, and custom rule optimization, contributing to a 30%+ reduction in false positives and improved investigation efficiency.
Built 10+ SOAR playbooks and automation workflows to streamline incident response, reducing MTTR by 35% and saving 40+ manual hours monthly across the SOC.
Maintained 100% SLA compliance for incident handling, reporting, documentation, and communication across multiple enterprise client environments.
Collaborated with senior analysts and engineering teams on detection engineering improvements, post-incident reviews, and cloud-specific playbook updates, supporting 20+ custom detection rule deployments.
Education
Bachelor of Technology (Computer Science & Engineering) - Raghu Institute of Technology
2020 - 2024 · Afghanistan