About
Client-side SOC Analyst with 1.5 years of experience in a regulated enterprise environment, receiving and validating alerts generated by an external MSSP. Hands-on experience investigating 200+ daily alerts across authentication, endpoint, network, and proxy layers — using SentinelOne EDR, Zscaler, and Cisco VPN logs independently on the client side. Strong background in root cause analysis, false-positive reduction, privileged account monitoring, and clear stakeholder escalation. Independently created SOC investigation playbooks adopted by the team, referenced during NPCI and PCI DSS audits, and used to train new analysts.
Work Experience
SOC Analyst – Client-Side SOC (L1)
C-EDGE Technologies
Present - Present
Served as the client-side security analyst responsible for receiving, validating, and acting on alerts generated by an external MSSP. All SIEM (LogRhythm) operations were managed by the MSSP; client-side tools included SentinelOne, Zscaler, Cisco VPN, and Windows/Linux log analysis.
Investigated and closed 200+ daily MSSP-generated alerts, prioritizing by asset criticality and business impact with documented root cause and evidence for every closure.
Analyzed SentinelOne EDR alerts for malware detections: confirmed execution status, validated quarantine actions, and coordinated endpoint isolation and full scans where required.
Investigated Windows authentication alerts (Event IDs 4625, 4624) to detect brute force attempts, account lockouts, and anomalous login patterns; escalated confirmed threats with timelines and evidence.
Analyzed process execution alerts (Event ID 4688) to identify suspicious script or binary behavior and escalated accordingly.
Investigated Linux/Unix SSH brute force alerts; identified false positives caused by internal automation scripts, coordinated corrective actions, and closed with documented findings.
Monitored privileged account (admin/root) activity and validated access against maintenance windows and change records to reduce unnecessary escalations.
Investigated VPN brute force alerts; identified shared credential misuse and worked with IT teams to enforce access control improvements.
Reviewed Zscaler proxy alerts for suspicious web traffic and validated against business context and threat intelligence (VirusTotal, AbuseIPDB).
Extracted and validated IOCs (IP addresses, domains, file hashes) and included findings in escalation notes to the MSSP.
Created and operationalized SOC alert investigation playbooks: adopted by the team, referenced during NPCI audits, and used to onboard and train new analysts on standardized triage and escalation workflows.
Supported NPCI and PCI DSS audits by preparing security inventory, audit evidence, and compliance documentation.
Participated in alert tuning discussions with the MSSP to reduce false positive noise and improve detection quality.
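The authentication-alert triage described above (Event ID 4625 bursts, a following 4624 from the same source, and suppression of known internal automation that produces brute-force-looking noise) can be expressed as a small piece of detection logic. The block below is an added illustration, not the analyst's playbook or any tool used at C-EDGE Technologies; the event records are constructed samples in a simplified dict form using the EventData field names Windows uses, and the automation allow-list address is hypothetical.

```python
"""
Brute-force triage over Windows Security events 4625 (failed logon) and
4624 (successful logon). Added example; not the profile owner's code.
Events are constructed samples that mimic the EventData fields of the
real events (TargetUserName, IpAddress, LogonType, SubStatus).
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Well-known 4625 SubStatus codes, used to explain *why* logons failed.
SUBSTATUS = {
    "0xC000006A": "bad password",
    "0xC0000064": "unknown user name",
    "0xC0000071": "password expired",
    "0xC0000234": "account locked out",
}

# Hypothetical allow-list of internal hosts whose scheduled jobs are known
# to generate repeated failures (the automation false positive case).
KNOWN_AUTOMATION = frozenset({"10.0.5.20"})


def _ev(event_id, ts, user, ip, sub=None):
    """Build one constructed event record."""
    return {"EventID": event_id, "TimeCreated": ts, "TargetUserName": user,
            "IpAddress": ip, "LogonType": 3, "SubStatus": sub}


# Constructed sample data: one external burst that ends in a success, one
# noisy internal backup scheduler, and one harmless mistyped password.
SAMPLE_EVENTS = [
    _ev(4625, "2024-03-01T09:00:01", "jsmith", "203.0.113.7", "0xC000006A"),
    _ev(4625, "2024-03-01T09:00:14", "jsmith", "203.0.113.7", "0xC000006A"),
    _ev(4625, "2024-03-01T09:00:31", "admin", "203.0.113.7", "0xC0000064"),
    _ev(4625, "2024-03-01T09:00:47", "administrator", "203.0.113.7", "0xC000006A"),
    _ev(4625, "2024-03-01T09:01:05", "svc_sql", "203.0.113.7", "0xC000006A"),
    _ev(4625, "2024-03-01T09:01:20", "jsmith", "203.0.113.7", "0xC000006A"),
    _ev(4624, "2024-03-01T09:02:30", "jsmith", "203.0.113.7"),
    *[_ev(4625, f"2024-03-01T02:00:{s:02d}", "svc_backup", "10.0.5.20", "0xC0000071")
      for s in range(0, 60, 10)],
    _ev(4625, "2024-03-01T10:15:00", "rkumar", "10.0.8.44", "0xC000006A"),
]


def triage(events, threshold=5, window=timedelta(minutes=5), allowlist=KNOWN_AUTOMATION):
    """
    Group events by source address and flag any source with at least
    `threshold` failed logons inside a sliding `window`.  Returns a dict
    keyed by source IP with the evidence an escalation note would carry.
    """
    by_source = defaultdict(list)
    for e in events:
        by_source[e["IpAddress"]].append((datetime.fromisoformat(e["TimeCreated"]), e))

    findings = {}
    for src, recs in by_source.items():
        recs.sort(key=lambda r: r[0])
        failures = [(t, e) for t, e in recs if e["EventID"] == 4625]

        # Sliding window: largest number of failures that fit inside `window`.
        peak, peak_end, start = 0, None, 0
        for i, (t, _) in enumerate(failures):
            while t - failures[start][0] > window:
                start += 1
            if i - start + 1 > peak:
                peak, peak_end = i - start + 1, t
        if peak < threshold:
            continue  # below threshold: a typo, not a campaign

        accounts = sorted({e["TargetUserName"] for _, e in failures})
        reasons = sorted({SUBSTATUS.get(e["SubStatus"], e["SubStatus"]) for _, e in failures})
        # A successful logon from the same source after the burst is the
        # signal that turns a brute-force alert into a high-priority escalation.
        success_after = any(e["EventID"] == 4624 and t >= peak_end for t, e in recs)

        if src in allowlist:
            disposition = "false_positive_candidate"  # validate against change records
        elif success_after:
            disposition = "escalate_high"
        else:
            disposition = "escalate"

        findings[src] = {
            "disposition": disposition,
            "failures_in_window": peak,
            "window_end": peak_end.isoformat(),
            "accounts": accounts,
            "password_spray": len(accounts) >= 3,  # many accounts, few tries each
            "failure_reasons": reasons,
            "success_after_burst": success_after,
        }
    return findings


if __name__ == "__main__":
    for src, f in triage(SAMPLE_EVENTS).items():
        print(src, f)
```

The allow-list only changes the disposition; the evidence is still produced, so an analyst can confirm the internal host against maintenance windows before closing it as a false positive. Lowering `threshold` or widening `window` trades fewer missed low-and-slow attempts for more noise, which is the kind of tuning discussed with an MSSP.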
Relocation
Open to Relocation