About
Cybersecurity professional with 3.5+ years of IT experience. Strong background in Security Operations, Incident Response, and Threat Detection, skilled in leveraging a broad range of SIEM and EDR to safeguard systems and efficiently manage security incidents. Proficient in conducting dynamic malware analysis, vulnerability assessments, and evidence collection to strengthen organizational security posture. Adept at triaging phishing threats and ensuring the integrity of sensors and endpoints.
Work Experience
Security Analyst
Ultraviolet Cyber (UVCyber)
Jun 2025 - Jan 2026
Perform in-depth analysis using OpenSearch (Kibana plugin), Singularity Data Lake, SentinelOne, and Torq AI to identify potential threats.
Escalate confirmed incidents to customers with detailed investigation summaries and mitigation recommendations.
Administer Endpoint Detection and Response (EDR) operations using Trend Micro, monitoring and responding to endpoint security incidents.
Support both finance and multi-tenant MDR projects, handling clients from the logistics, IT, banking, and marine sectors.
Contribute to annual Cybersecurity Awareness Campaigns during October Cybersecurity Awareness Month, promoting best practices across the organization.
Participated in all phases of incident response, from detection to post-incident reporting and lessons learned.
Proposed and implemented security procedure improvements to mitigate future risks.
Security Analyst
Tata Consultancy Services
Jul 2021 - Apr 2025
Monitor and investigate security events in Microsoft Sentinel, building and tuning KQL analytics, workbooks, and scheduled queries to improve detection fidelity and visibility.
Triage and respond to alerts from Microsoft Defender and CrowdStrike Falcon across Windows and Linux environments; determine impact, collect artifacts, and coordinate containment actions (host isolation, process termination, hash/URL blocking).
Manage phishing response by monitoring Defender for Office 365 queues and shared mailboxes, analyzing headers and URLs/domains using MxToolbox, and executing mailbox remediation actions (quarantine/purge, block sender/domain).
Perform malware and URL analysis using Any.Run detonations and VirusTotal pivots; validate IOCs and feed outcomes into Sentinel detections and blocklists.
Extend vulnerability coverage to servers via Defender for Cloud (agentless and agent-based), prioritize remediation, and validate fixes using Secure Score for Devices and MDVM dashboards.
Enrich investigations with threat intelligence (WHOIS, passive DNS, and reputation sources) and publish indicators to Defender, CrowdStrike policies, firewalls, and blocklists.
Apply MITRE ATT&CK and Cyber Kill Chain frameworks to structure investigations, guide response actions, and enhance SOC playbooks/runbooks based on lessons learned.
Produce SOC metrics (alert volumes, detection efficacy, MTTA/MTTR) on a weekly and monthly basis, and brief stakeholders on significant incidents and recurring attack patterns.
Collaborate with cross-functional teams to improve processes and align controls with NIST, ITIL, and Australian Essential Eight requirements.
Drive continuous improvement of SOC playbooks for phishing, malware, and endpoint containment to reduce false positives and accelerate containment time.
Education
B.Tech - SSN Engineering College
Afghanistan
Availability Details
Visa Status: Citizen
Relocation: Open to Relocation