About
I am a results-driven SOC Analyst with 3+ years of experience in securing cloud, network, and enterprise environments. Proven expertise in SIEM platforms (Splunk, Cortex XSIAM) and endpoint security (Microsoft Defender, SentinelOne, Kaspersky). Specialized in threat detection, incident response, ransomware defense, and threat hunting, with a strong focus on building scalable, resilient security architectures. Seeking to contribute to a forward-thinking security team leveraging AI-driven analytics and real-time threat intelligence.
Work Experience
B1 Senior Executive
WIPRO
Sep 2020 - Jan 2022
As an Audit SPOC, conducted audit checks on team members and gave them appropriate feedback regarding the policies binding on them.
Process Developer
GENPACT
Jun 2016 - Sep 2020
Worked on customer queries to provide first-time resolution and ensure the best customer experience.
Senior SOC Analyst
W3 SOFTTECH India Pvt Ltd
Jul 2023 - Present
Performed real-time security alert monitoring and incident investigation using Splunk SIEM, ensuring timely incident resolution in accordance with defined SLAs.
Conducted comprehensive log analysis across multiple security platforms to detect anomalies and potential threats.
Executed proactive threat hunting activities using Microsoft Defender for Endpoint and SentinelOne.
Performed structured and unstructured threat hunting based on the MITRE ATT&CK framework.
Analyzed and validated Indicators of Compromise (IOCs) using open-source intelligence (OSINT) tools and recommended appropriate endpoint containment and blocking actions.
Investigated phishing and malware incidents, identifying malicious payloads and mitigating email-based threats.
Leveraged Abnormal AI to detect and prevent advanced and anomalous email threats.
Produced daily, weekly, monthly, and quarterly SOC reports highlighting incident trends, KPIs, and security posture metrics.
Performed raw log analysis to identify parsing gaps and improve log quality and data accuracy within the SIEM.
Investigated Microsoft Purview DLP incidents across email, endpoints, and cloud workloads, performing root-cause analysis on sensitive data leakage (PII/PCI/PHI).
Worked closely with cross-functional teams and stakeholders to investigate incidents and reduce organizational risk.
Created, tracked, and maintained incident records using ServiceNow, ensuring accurate documentation and audit readiness.
Participated in daily shift handovers, ensuring seamless operational continuity and knowledge transfer.
Ensured SOC operations aligned with business objectives and cybersecurity requirements.
Utilized Splunk SPL and Kusto Query Language (KQL) to perform advanced log searches, correlations, and investigations.
Tuned detection rules by analyzing IOCs and reducing false positives, improving alert fidelity.
Developed and maintained incident response playbooks for phishing, ransomware, insider threats, and cloud security incidents based on real-world cases.
Actively participated in war-room calls during critical incidents, providing real-time analysis and supporting rapid containment efforts.
Mentored junior SOC analysts and conducted hands-on knowledge sessions on threat detection, MITRE ATT&CK mappings, and the effective use of SIEM dashboards and playbooks in a real-world SOC environment.
SOC Analyst
GOC
Jan 2022 - May 2023
Led daily threat triage using Cortex XSIAM, validating alerts and ensuring SLA-based resolution.
Performed deep-dive incident investigations, including root cause, impact, and remediation analysis.
Acted as a key analyst during critical incidents, guiding mitigation and recovery efforts.
Supported 24x7 SOC operations, monitoring and defending client environments against advanced threats.
Delivered weekly and monthly threat reports outlining attack trends, metrics, and security recommendations.
Collected threat intelligence data from open-source feeds and threat intelligence companies.
Ensured blocking of IOCs in various security tools using SOAR on a day-to-day basis.
Documented confirmed incidents (true positives) to support historical analysis and the SOC knowledge base.
Analyzed attacker TTPs to understand threat behaviour and improve detection strategies.
Investigated endpoint and network threats using Kaspersky EDR and Zscaler proxy logs.
Supported SOC audits and compliance reviews by providing incident evidence and documentation.
Mapped incidents using the MITRE ATT&CK and Cyber Kill Chain frameworks.
Tracked emerging threats and malware variants to maintain proactive defence readiness.
Monitored EPS trends, identified silent log sources, and performed SIEM health checks.
Ensured industry compliance through close collaboration with security and governance teams.
Education
Bachelor of Technology (B.Tech) – Computer Science Engineering – Jawaharlal Nehru Technological University
- 2016 · Afghanistan