Muzammil Mohd

SOC Analyst

Hyderabad, India · 3+ yrs exp · Profile score 87 (Excellent)

About

Possess 3+ years as a SOC Analyst in SOC monitoring, alerting, incident response and investigation using Splunk Enterprise and Cortex XSIAM in cybersecurity, specializing in malware analysis, KQL, SOAR, incident response, threat hunting and vulnerability management, and managing cutting-edge security tools across cloud and on-premises environments. Adept at leveraging industry-leading tools such as Splunk, Cortex XSIAM, Azure Sentinel and IBM QRadar SIEM solutions, EDR solutions such as SentinelOne and Microsoft Defender, and configuration management (CM) tools to detect, analyze and mitigate complex cyber threats. Proven expertise in mitigating cyber threats, optimizing security protocols and delivering strategic insights to enhance organizational security posture. Committed to continuous learning and staying updated on the latest security trends to provide innovative solutions.

Skills & Expertise (50)

Incident Response (Advanced): 8.7/10, 3 years exp
SIEM (Advanced): 8.6/10, 3 years exp
Malware Analysis (Advanced): 8.4/10, 3 years exp
Phishing Email Analysis (Advanced): 8.1/10, 3 years exp
Splunk ES (Intermediate): 7.5/10, 3 years exp
Other skills: ticketing tools, KQL queries, HIPAA, GDPR, Workflows, MITRE ATT&CK, Vulnerability Assessment, Threat Management, Threat Research, OSINT Tools, VirusTotal, URLScan.io, Shodan, AbuseIPDB, Whois, IBM X-Force, KQL, SentinelOne, Configuration Management, Azure Sentinel, Cortex XSIAM, SPL, MS Defender, IBM QRadar, EDR, ePO, Threat Hunting, SOAR, SOAR Automation, Cortex, Microsoft Sentinel, Endpoint Security, Microsoft Defender, XSOAR, Web Filtering, Email Security, Proofpoint, Threat Intelligence, Security Awareness Training, Security Monitoring, Social Engineering, Cyber Kill Chain, NIST, Malware Detection, Event Analysis

Work Experience

SOC Analyst

Luminaire Technologies

Feb 2023 - Present

- Proficient in managing and optimizing SIEM platforms including Azure Sentinel and IBM QRadar for advanced threat detection, investigation and analysis.
- Performed endpoint detection and response (EDR) using Microsoft Defender and SentinelOne, helping identify and contain threats across organizational endpoints.
- Manage and monitor Proofpoint email security to detect, block and respond to phishing, malware and targeted attacks while ensuring policy enforcement and user protection.
- Correlate email headers, links and payloads using tools like VirusTotal, Cisco Talos and MXToolbox.
- Used the ATT&CK framework to evaluate EDR/SIEM effectiveness and improve threat hunting maturity.
- Performed detailed malware analysis, identifying infection vectors, and collaborated with the incident response team to respond to and contain security incidents.
- Conducted header analysis and forensic investigation of malicious emails to trace spoofed domains and attacker infrastructure using Proofpoint and Microsoft Defender for Office 365.
- Analyzed logs of various network devices (IDS/IPS, firewall) and operating systems (Windows) using a SIEM tool, identifying potential security threats and vulnerabilities.
- Continuously monitored and analyzed security alerts from SIEM, EDR and NGAV platforms to identify, investigate and respond to cyber threats in real time.
- Performed incident triage, containment, eradication and recovery activities in alignment with the NIST Incident Response framework.
- Performed endpoint investigations using EDR tools to analyze malware, persistence mechanisms, lateral movement and privilege escalation.
- Performed threat hunting activities using KQL, identifying anomalous user behavior, privilege escalations and suspicious logon patterns.
- Leveraged MITRE ATT&CK techniques (TTPs) to design and fine-tune SIEM/EDR detection rules (SPL, KQL).
- Monitored security events and alerts in SIEM, performing triage and prioritization to identify true positives and reduce noise.
- Investigated suspicious activities and correlated endpoint, network and cloud telemetry for accurate incident validation.
- Tracked and reported SOC metrics (alert volumes, false positive rates, detection coverage) through SIEM dashboards to improve operational visibility.
- Conducted proactive threat hunting using known TTPs, threat intelligence and hypothesis-driven investigation techniques.
- Used KQL queries to retrieve logs such as email logs, logon events, network events, process events, file events, URL clicks and hashes.
- Analyzed threat intelligence feeds to stay informed about emerging threats and adapt defense strategies accordingly.
- Utilized KQL queries in Microsoft Sentinel to monitor and investigate security alerts across endpoint, network and cloud telemetry.
- Mapped detections and response playbooks to MITRE ATT&CK and Cyber Kill Chain frameworks for comprehensive adversary coverage.
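The KQL-based hunting for suspicious logon patterns described in the experience above, as an added example of that kind of query; it is not part of this profile or of any employer's detection content. It assumes the Microsoft Sentinel SecurityEvent table (Windows Security log events 4625/4624) and an illustrative threshold of 10 failures, and it tags the result with the ATT&CK technique so the hit can be mapped the way the bullets above describe:

```kql
// Added example, not from the profile. Hunt for a source IP that produced
// many failed network/RDP logons to a host and then a successful logon
// to the same host within an hour (classic brute force / password spray
// followed by success). Table and thresholds are assumptions.
let lookback = 24h;
let failThreshold = 10;          // illustrative; tune to the environment
let failures =
    SecurityEvent
    | where TimeGenerated > ago(lookback)
    | where EventID == 4625                      // failed logon
    | where LogonType in (3, 10)                 // network, RemoteInteractive
    | where isnotempty(IpAddress) and IpAddress != "-"
    | summarize FailedCount = count(),
                TargetAccounts = make_set(TargetUserName, 20),
                FirstFail = min(TimeGenerated),
                LastFail = max(TimeGenerated)
        by IpAddress, Computer
    | where FailedCount >= failThreshold;
let successes =
    SecurityEvent
    | where TimeGenerated > ago(lookback)
    | where EventID == 4624                      // successful logon
    | where LogonType in (3, 10)
    | project SuccessTime = TimeGenerated, IpAddress, Computer,
              SuccessAccount = TargetUserName, LogonType;
failures
| join kind=inner successes on IpAddress, Computer
// success must land after the last failure, within a one-hour window
| where SuccessTime between (LastFail .. (LastFail + 1h))
| project IpAddress, Computer, FailedCount, TargetAccounts,
          FirstFail, LastFail, SuccessTime, SuccessAccount, LogonType
| extend Technique = "T1110 Brute Force"        // MITRE ATT&CK mapping for the alert
| order by FailedCount desc
```

Run it in the Sentinel Logs blade or schedule it as an analytics rule; the make_set of target accounts is what separates a spray (many accounts, one IP) from a brute force against one account, and the one-hour join window is the main knob against false positives from legitimate users who mistype a password and then succeed much later.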

Education

B.Sc. - Bachelor of Science - Mathematics and Computer Science - Osmania University

2020 - · Afghanistan

Certifications

No certifications added yet


Profile Overview

Member since Mar 2026

Availability Details

Visa Status: Citizen
Relocation: Open to Relocation