About
SOC Analyst with 4+ years of hands-on experience in 24/7 security operations, incident response, threat hunting, and detection engineering across enterprise environments. Proficient in SIEM (Microsoft Sentinel, Splunk), EDR platforms (CrowdStrike Falcon, Microsoft Defender for Endpoint), and threat intelligence-driven alert triage. Skilled in IOC extraction and validation, true/false positive analysis, MITRE ATT&CK technique mapping, and SLA-driven escalation workflows (L1 to L2). Experienced in detection rule tuning, use-case development, threat hunting, and audit-quality incident documentation. Proven impact: MTTD reduced by 35% and incident response turnaround improved by 40%.
Skills & Expertise (42)
Work Experience
Security Analyst
Signovate Technologies Pvt. Ltd.
Nov 2025 - Present
Monitored and analyzed 60-100+ security events daily across SIEM (Microsoft Sentinel), IDS/IPS, and EDR platforms (CrowdStrike Falcon, Microsoft Defender for Endpoint) in a 24/7 SOC environment.
Performed proactive threat hunting using KQL queries, UEBA alerts, and threat intelligence feeds to identify low-and-slow attacks not caught by automated rules.
Conducted incident response across the full lifecycle, including alert triage, threat investigation, escalation, containment, and closure, achieving SLA-based resolution for 95% of assigned incidents.
Performed detection rule tuning and SOAR playbook review to reduce false positive rates and improve detection accuracy; contributed to use-case engineering for recurring attack patterns.
Conducted root cause analysis for high-severity incidents involving phishing, malware, brute-force, lateral movement, and credential-based attacks; documented findings to audit-ready standards.
Applied the MITRE ATT&CK framework to map adversary techniques (T1566, T1078, T1110, T1021) and supported structured incident reporting and detection use-case development.
Produced security incident reports, investigation timelines, and monthly threat trend summaries for governance and management reporting.
Investigation Associate
Amazon
Mar 2025 - Oct 2025
Triaged high-volume accounts to detect and classify suspicious and abusive activity, directly mirroring SOC L1 alert triage and classification workflows.
Analyzed behavioral patterns, risk indicators, and anomaly signals to determine threat severity and route cases to appropriate action queues, consistent with SOC escalation procedures (L1 to L2).
Maintained 98-99% audit quality through precise evidence-based decision-making and thorough case documentation aligned with SOC incident response recording standards.
Achieved a 20-30% reduction in Average Handle Time (AHT) through workflow optimization while sustaining full SLA compliance across all investigation queues.
Escalated high-risk cases following defined investigation runbooks, directly analogous to L1 to L2 escalation in a Security Operations Center.
SOC Analyst L1
VZURE Software Network Solutions
Dec 2021 - Dec 2024
Monitored and triaged 50-100 security alerts daily using Microsoft Sentinel (KQL) and Splunk, classifying events and escalating confirmed incidents to L2 analysts per defined SLAs.
Developed and refined KQL detection queries and Splunk SPL searches to optimize threat detection, reduce alert noise, and improve log ingestion, contributing to detection engineering efforts.
Performed EDR-based endpoint investigation using CrowdStrike Falcon and Microsoft Defender for Endpoint; executed true/false positive analysis on 80-90% of daily alerts with validated IOC documentation.
Conducted threat hunting exercises and network traffic analysis using Wireshark and Nmap to identify lateral movement, anomalous behavior, and intrusion indicators.
Responded to phishing, malware, brute-force, unauthorized access, and suspicious login alerts per SOC playbooks, averaging 3-5 confirmed L2 escalations per week with full incident response documentation.
Applied the MITRE ATT&CK framework to map attacker TTPs during active investigations and contributed to detection rule tuning to reduce MTTD.
Coordinated vulnerability assessments using Qualys; triaged scan findings by CVSS severity and tracked remediation SLAs with relevant teams.
Documented incident timelines, RCA reports, and investigation findings to audit-ready standards; maintained 95%+ SLA compliance across all assigned incidents.
Education
M.Tech - Thermal Power Engineering - PDA College of Engineering
- 2021 · Afghanistan
B.E - Mechanical Engineering - PDA College of Engineering
- 2018 · Afghanistan
Certifications
No certifications added yet
Availability Details
Visa Status
Citizen
Relocation
Open to Relocation