About
Cybersecurity Professional with 3+ years of experience delivering results in SOC operations, incident response, threat hunting, and vulnerability management. Proficient in SIEM platforms and EDR solutions to detect, investigate, and contain advanced threats. Skilled in identity and access management, email security, and web/network security, with hands-on experience in storage security monitoring and ticketing systems. Experienced in applying structured incident response methodologies to strengthen defenses, optimize alert triage, and reduce false positives. Demonstrated ability to produce actionable insights, communicate effectively across teams, and proactively identify risks to improve organizational security posture.
Work Experience
Security Analyst
Altus Private Limited
Mar 2023 - Present
Performed 24/7 SOC operations using SIEM with alert triage, log and IOC analysis, and EDR support, tuning correlation rules to reduce false positives while maintaining endpoint security coverage and aligning investigations with the MITRE ATT&CK and Cyber Kill Chain frameworks.
Conducted threat hunting with IOC enrichment, analyzing IDS, endpoint, authentication, and network telemetry to identify phishing, malware, persistence, lateral movement, and command-and-control activity.
Optimized correlation rules to reduce false positives, validated incidents, and supported containment and escalation across enterprise systems as part of the incident response lifecycle.
Investigated endpoints to detect malware execution, persistence artifacts, and lateral movement through process and authentication anomalies across Windows systems.
Executed containment and eradication, including host isolation, IOC and hash blocking, credential reset, and remediation aligned with the incident response lifecycle, reducing MTTR.
Utilized CrowdStrike vulnerability management insights to prioritize vulnerabilities, validate remediation, and monitor systems for exploitation attempts after patch deployment.
Supported forensic investigations by assessing device timelines, process trees, and persistence mechanisms to determine attack impact and root cause.
Leveraged Feedly threat intelligence to track emerging threats, CVEs, and zero-day vulnerabilities, performing IOC extraction and OSINT research and delivering mitigation-focused threat intelligence briefings.
Examined unauthorized access attempts and suspicious connections by validating logs and performing network log analysis during investigations.
Detected command-and-control traffic and potential data exfiltration and blocked malicious domains and risky URLs, supporting containment and escalation within the incident response lifecycle.
Worked with Digital Shadows SearchLight to detect external attack surface risks, including phishing frameworks, typosquatting domains, data leaks, and credential exposures linked to threat actor activity.
Monitored Microsoft Entra ID Identity Protection alerts for suspicious authentication and anomalous IP activity, including impossible travel, executing session revocation and credential reset actions.
Triaged phishing emails using Abnormal Security and Mimecast with header analysis, URL validation, and sandbox testing, blocking senders and purging emails to prevent credential compromise.
Improved detection rules, reducing phishing-related endpoint compromises by 40%.
Evaluated Box storage alerts and audit logs to identify abnormal file sharing, unauthorized access, suspicious downloads, permission escalation, and sensitive data exposure events.
Reviewed Thycotic Secret Server audit logs and managed credential vault access approvals and password rotation to detect unauthorized access and reduce false positives.
Documented incident investigations with technical evidence and developed SOC response playbooks, procedures, and regulatory compliance documentation, improving security monitoring and incident response activities.
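The impossible-travel condition referred to above (two sign-ins for one account whose geographic separation implies an unrealistic speed) can be reproduced as a small detection over sign-in records. The block below is an added illustration, not the profile owner's code and not an Entra ID API: the sign-in events, IP addresses, coordinates, the 1000 km/h speed threshold and the 100 km geolocation tolerance are all constructed assumptions for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from math import asin, cos, radians, sin, sqrt

# Thresholds are assumptions for this example, not Entra ID defaults.
MAX_PLAUSIBLE_KMH = 1000.0   # faster than this between sign-ins is flagged
GEO_TOLERANCE_KM = 100.0     # IP geolocation is coarse; ignore moves below this


@dataclass(frozen=True)
class SignIn:
    user: str
    ts: datetime      # timezone-aware UTC
    ip: str
    lat: float
    lon: float


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance in km between two WGS84 points."""
    earth_radius_km = 6371.0
    dlat = radians(lat2 - lat1)
    dlon = radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * earth_radius_km * asin(sqrt(a))


def impossible_travel(events, max_kmh=MAX_PLAUSIBLE_KMH, tolerance_km=GEO_TOLERANCE_KM):
    """Return (user, earlier, later, km, kmh) for consecutive sign-ins of the same
    user that would require moving faster than max_kmh."""
    by_user = {}
    for e in events:
        by_user.setdefault(e.user, []).append(e)

    findings = []
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e.ts)
        for prev, cur in zip(evs, evs[1:]):
            if prev.ip == cur.ip:
                continue  # same egress address: no movement to evaluate
            km = haversine_km(prev.lat, prev.lon, cur.lat, cur.lon)
            if km < tolerance_km:
                continue  # within geolocation noise
            hours = (cur.ts - prev.ts).total_seconds() / 3600.0
            # Equal timestamps (or clock skew) give an infinite implied speed;
            # still a finding, because the distance itself is real.
            kmh = float("inf") if hours <= 0 else km / hours
            if kmh > max_kmh:
                findings.append((user, prev, cur, round(km, 1), kmh))
    return findings


def run_example():
    """Constructed sign-in events (not real telemetry)."""
    def t(h, m):
        return datetime(2024, 5, 6, h, m, tzinfo=timezone.utc)

    events = [
        SignIn("alice", t(9, 0), "203.0.113.10", 17.3850, 78.4867),    # Hyderabad
        SignIn("alice", t(10, 30), "198.51.100.7", 51.5074, -0.1278),   # London, 90 min later
        SignIn("bob", t(9, 0), "203.0.113.10", 17.3850, 78.4867),
        SignIn("bob", t(12, 0), "203.0.113.55", 12.9716, 77.5946),      # Bengaluru, 3 h later
        SignIn("carol", t(8, 0), "192.0.2.9", 17.3850, 78.4867),
        SignIn("carol", t(8, 5), "192.0.2.9", 17.3850, 78.4867),        # same IP, skipped
        SignIn("dave", t(11, 0), "203.0.113.10", 17.3850, 78.4867),
        SignIn("dave", t(11, 0), "198.51.100.200", 40.7128, -74.0060),  # New York, same minute
    ]
    return impossible_travel(events)


if __name__ == "__main__":
    for user, a, b, km, kmh in run_example():
        speed = "inf" if kmh == float("inf") else f"{kmh:.0f} km/h"
        print(f"{user}: {a.ip} -> {b.ip}, {km} km in {b.ts - a.ts}, implied {speed}")
```

Only alice (Hyderabad to London in 90 minutes) and dave (two continents in the same minute) are flagged; bob's 500 km in three hours is plausible, and carol's repeated sign-ins from one address are skipped. In practice the flagged pair is what drives the session revocation and credential reset mentioned above, and the tolerance constant is the lever for tuning false positives from VPN and mobile-carrier geolocation.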
Education
Bachelor of Technology (B.Tech) - Pragati Engineering College
2015 - 2019 · Afghanistan