About
Results-driven SOC Analyst with 3+ years of MDR experience across 6 enterprise clients in a 24/7/365 environment. Owns the full incident lifecycle — from triaging 30+ alerts daily to leading P1/P2 response, root cause analysis, and post-incident reporting. Proficient across Splunk, Microsoft Sentinel, IBM QRadar, CrowdStrike, and SentinelOne; advanced threat hunting via KQL and MITRE ATT&CK. Consistently maintained 100% SLA compliance while reducing false positives through systematic SIEM fine-tuning. Recognized with the Kudos Award for outstanding MDR performance. Poised to step into an L2 or senior analyst role driving detection engineering and strategic threat response.
Skills & Expertise (27)
Work Experience
SOC Analyst (L2-Ready)
Ultraviolet Cyber
Jun 2022 - Jul 2025
Embedded in a multi-client MDR SOC, delivering continuous monitoring and incident response across 6 enterprise accounts spanning finance, healthcare, and technology verticals. Triaged and investigated 30+ security alerts daily across Splunk, Sentinel, and QRadar — consistently resolving within SLA across all 6 client accounts without breach over 3 years. Reduced alert noise by ~35% through targeted SIEM rule fine-tuning and creation of automated triage workflows, enabling the team to focus capacity on genuine threats. Classified and escalated true positives for phishing, malware, brute-force, credential compromise, MFA fraud, DDoS, and DLP violation incidents using a structured severity matrix. Led end-to-end response for P1 and P2 incidents — phishing campaigns, ransomware staging, and lateral movement events — executing host isolation, containment, and remediation within defined SLA windows. Performed deep-dive root cause analysis on network, endpoint, and server artefacts; documented attacker TTPs mapped to MITRE ATT&CK for post-incident reporting and lessons-learned reviews. Coordinated directly with SOC Managers and client CISOs during critical incidents, delivering clear, actionable briefings under pressure without escalation gaps. Conducted proactive threat hunts using advanced KQL queries in Microsoft Sentinel, surfacing low-signal threats — including LOLBAS abuse, credential dumping, and beaconing — that bypassed existing detections. Developed and tuned MITRE ATT&CK-aligned detection use cases targeting persistence, privilege escalation, and lateral movement, expanding detection coverage across the client portfolio. Proposed and validated domain/IP blocklist updates and rule modifications based on emerging threat intelligence, proactively strengthening client security posture. Investigated and remediated phishing, spear-phishing, and BEC campaigns via Proofpoint — analysing headers, payloads, and sandbox results to identify IOCs and prevent data exfiltration. Validated and enforced DKIM, DMARC, and SPF configurations across client domains, closing email authentication gaps that were exploited in earlier campaigns. Mentored and guided L1 analysts on triage methodology, escalation criteria, and tooling — reducing incorrect escalations and improving team throughput during peak alert loads. Authored SOPs, incident response playbooks, and security operations handbooks adopted team-wide, accelerating onboarding and ensuring cross-shift consistency.
Education
B.Tech – Computer Science - KLU University
2018 - 2022 · Afghanistan
Certifications
No certifications added yet
Interested in this developer?
Profile Score Breakdown
Profile Overview
Skills (27)
Click a skill to find developers with the same skill
