About
Cyber Security SOC Analyst with 4+ years of experience in Security Operations Center environments. Skilled in monitoring, investigating, and responding to advanced cyber threats using SIEM, EDR/XDR, and AI-driven email security platforms. Experienced in Splunk Enterprise Security, Cortex XSIAM, Microsoft Defender, and Sentinel One, with strong expertise in MITRE ATT&CK mapping, malware defense, and other incidents. Collaborating with cross-functional teams to reduce false positives, improve detection coverage, and meet compliance requirements.
Skills & Expertise (28)
Work Experience
Senior SOC Analyst
W3 SOFTTECH India Pvt Ltd
Jul 2023 - Present
Performed real-time security alert monitoring and incident investigation using Cortex XSIAM SIEM tool ensuring timely incident resolution in accordance with defined SLAs. Skilled in incident response, including triaging and mitigating threats like phishing, malware, DDoS, brute-force attacks, and unauthorized access. Investigated Microsoft Purview DLP incidents across email, endpoints, and cloud workloads, performing root-cause analysis on sensitive data leakage (PII/PCI/PHI). Utilized Microsoft Azure Entra ID to identify and analyze risky user sign-ins for potential account compromise. Strong log analysis capabilities across Windows events, firewalls, proxies, DNS, VPNs, and system login logs. Knowledge in malware analysis. Networking: TCP/IP, OSI model, firewalls, IDS/IPS, types of IP (IPv4 vs. IPv6). Protocols: HTTP/HTTPS, DNS, SMTP, FTP, SSH and framework NIST. Performed proactive Structured and Unstructured threat hunting activities using Microsoft Defender for Endpoint and Sentinel One based on the MITRE ATT&CK framework. Analyzed and validated Indicators of Compromise (IOCs) using open-source intelligence (OSINT) tools and recommended appropriate endpoint containment and blocking actions. Performed raw log analysis to identify parsing gaps and reported to engineering team. Produced daily, weekly, monthly, and quarterly SOC reports, highlighting incident trends and operational performance. Participated in daily shift handovers, ensuring seamless operational continuity and knowledge transfer. Utilized Splunk SPL and Kusto Query Language (KQL) to perform advanced log searches, correlations, and investigations. Gave insights for incident response playbooks for phishing, ransomware, insider threats, based on real-world cases. Actively participated in war-room calls during critical incidents, providing real-time analysis and supporting rapid containment efforts. Participated in knowledge sessions on latest threats, MITRE ATT&CK mappings, and the effective use of SIEM dashboards and playbooks in a real-world SOC environment.
Security Analyst
GOC
Jan 2022 - May 2023
Led daily threat triage using SPLUNK SIEM tool, validating alerts and ensuring SLA-based resolution. Performed initial investigations, including root cause, impact, and remediation analysis. Acted as a key analyst during critical incidents, guiding mitigation and recovery efforts. Supported 24x7 SOC operations, monitoring and defending client environments against advanced threats. Delivered weekly and monthly threat reports outlining attack trends, metrics, and security recommendations. Collected Threat Intel data using open-source and Threat Intel companies. Ensured blocking of IOCs in various security tools using SOAR on a day-to-day basis with respective teams. Documented confirmed incidents (true positives) to support historical analysis and SOC knowledge base. Analyzed attacker TTPs to understand threat behavior and improve detection strategies. Investigated endpoint and network threats using Sentinel One EDR and Zscaler proxy logs. Supported SOC audits and compliance reviews by providing incident evidence and documentation. Mapped incidents using MITRE ATT&CK and Cyber Kill Chain frameworks. Tracked emerging threats and malware variants to maintain proactive defense readiness. Monitored EPS trends, identified silent log sources, and performed SIEM health checks. Created SOP documents on phishing email analysis and malicious incidents.
Education
Bachelor of Technology (B. Tech) – Computer Science Engineering - Jawaharlal Nehru Technological University
- 2016 · Afghanistan
Certifications
No certifications added yet
Interested in this developer?
Profile Score Breakdown
Profile Overview
Availability Details
Visa Status
Need Sponsorship
Relocation
Open to Relocation
Skills (28)
Click a skill to find developers with the same skill
