About
SOC Analyst - L1 with 2 years of hands-on experience working in 24x7 Security Operations Centers, specializing in SIEM monitoring, phishing investigations, endpoint security, and incident response. Proficient in Splunk, CrowdStrike, and Proofpoint. Experienced in alert triage, incident handling, log analysis, MITRE ATT&CK mapping, and email security investigations (SPF, DKIM, DMARC). Strong ability to identify true positives, escalate critical incidents, and support remediation in accordance with SOPs and SLAs.
Skills & Expertise (40)
Work Experience
Security Analyst L1
AppDirect
Nov 2025 - Present
Monitor and triage security alerts using Splunk and Microsoft Sentinel in a 24x7 SOC environment. Analyze alerts from endpoint security, firewalls, IDS/IPS, web and email gateways to identify true positives and false positives. Investigate phishing emails, malicious domains, URLs, and IPs using OSINT and sandbox tools, and recommend blocking actions. Perform initial incident triage, classification, documentation, and escalation according to SOPs and SLAs. Handle P1 and P2 incidents under senior analyst guidance and manage P3 and P4 incidents through closure. Conduct log analysis across firewall, DNS, proxy, and email logs to detect intrusion attempts. Communicate with customers during high-priority incidents and assist with remediation actions. Prepare incident reports and maintain accurate incident tracking and documentation.
Security Analyst L1
Codebees Technologies Private Limited
Nov 2023 - Oct 2025
Actively monitoring security events with Splunk, analyzing logs, and investigating incidents to identify and mitigate security threats so that the organization's security posture remains strong. Responsible for handling and mitigating attacks related to malware, viruses, spoofing, phishing, and spam, and for email monitoring. Work in the Security Operation Center (24x7), monitoring SOC events, email security, and intrusion detection and prevention. Monitor, analyze, and respond to threats to infrastructure; detect, investigate, and remediate security breaches and incidents. Understanding of an incident is based on determining whether it is a false positive or a true positive. Work closely with the rest of the security team to ensure our systems and networks are secure and meet industry standards. Understanding of possible attack activities such as network probing/scanning, DDoS, malicious code activity, exfiltration, credential access, etc. Good understanding of cyber-attacks such as DoS, DDoS, MITM, SQL injection, and XSS. Initial troubleshooting of communication issues with log sources. Create tickets for necessary tasks to be performed by external teams. Ensure tasks are emailed to the appropriate team(s), document and track activity on tickets in accordance with ticketing procedures, and record notes in shift logs in accordance with shift reporting procedures. Perform system and tool checks.
Education
Bachelor of Technology (B.Tech.) - Priyadarshini Institute of Science and Technology for Women
2019 - 2023 · Afghanistan
Profile Overview
Availability Details
Visa Status
Citizen
Relocation
Not Open to Relocation