About
SOC Analyst with 3+ years of experience in security monitoring, threat detection, incident response, and threat hunting across enterprise environments. Skilled in SIEM tools (Splunk, Microsoft Sentinel, IBM QRadar) and EDR solutions (CrowdStrike Falcon, Microsoft Defender) for efficient threat detection and containment. Experienced in multi-source log analysis (firewall, proxy, IDS/IPS, WAF, endpoints, AWS CloudTrail) with a strong focus on reducing false positives through SIEM tuning and use-case development. Proficient in phishing investigation, malware analysis, and MITRE ATT&CK-based threat hunting, with hands-on experience in incident response and RCA aligned to NIST and ISO 27001 frameworks.
Skills & Expertise (39)
Work Experience
SOC Analyst
SAFFRON NETWORKS PVT LTD
Dec 2022 - Present
Perform 24/7 security monitoring and alert triage using SIEM platforms (Splunk, Microsoft Sentinel, IBM QRadar). Investigate and analyze security events from multiple log sources including firewall, proxy, IDS/IPS, WAF, email gateway, and endpoints. Identify true positives and eliminate false positives through detailed log correlation and analysis. Conduct endpoint investigations and containment using CrowdStrike Falcon and Microsoft Defender for Endpoint. Perform root cause analysis (RCA) and prepare detailed incident reports. Monitor diverse security events and logs (Proxy, IPS/IDS, Firewall, Email, Endpoints, Web Application Firewall) for situational awareness. Investigate phishing emails by analyzing headers, URLs, and attachments; provide remediation recommendations to users. Utilize threat intelligence (Recorded Future) for IOC validation and enrichment. Perform malware analysis using sandboxing tools such as AnyRun and Hybrid Analysis. Monitor AWS CloudTrail logs to detect suspicious activities including privilege escalation and anomalous API calls. Fine-tune SIEM rules to minimize false positives and eliminate false negatives. Monitor health of SIEM tools and security infrastructure to ensure continuous visibility. Collaborate with internal teams and vendors to improve detection coverage and SOC efficiency. Maintain detailed incident investigation documentation and security reports to support internal reviews and compliance evidence collection. Deliver concise SOC reports to senior management, outlining the current security status, recent incidents, threat trends, and control effectiveness.
Education
Bachelor of Engineering (BE)
Afghanistan
Certifications
No certifications added yet