About
Analytical and results-driven SOC Analyst with 3+ years of hands-on experience in threat detection, incident response, and security monitoring across enterprise environments. Proficient in Azure Sentinel, Splunk ES SIEM, Microsoft Defender for Endpoint (EDR/XDR), SentinelOne, and Microsoft 365 Defender for real-time monitoring and incident investigation. Experienced in analyzing phishing, malware, C2 communications, persistence mechanisms, lateral movement, and PowerShell-based attacks. Strong analytical and communication skills with a focus on improving SOC processes and maintaining enterprise security posture.
Work Experience
Security Analyst
Global Logic
Oct 2021 - Nov 2022
Monitored 24x7 and analyzed IDS/IPS logs to detect suspicious and malicious activities. Investigated proxy logs, firewall logs, and antivirus logs for potential security incidents. Handled and analyzed logs from network devices such as routers, switches, and firewalls. Identified and escalated critical security incidents to the incident response team. Conducted log analysis and threat detection to prevent network intrusions. Performed daily monitoring of security dashboards and alerts. Investigated phishing, malware, and suspicious traffic activities. Worked on firewall rule analysis and network traffic monitoring. Created incident reports and documented security findings. Coordinated with IT and security teams for incident resolution. Experienced in investigating and analyzing firewall logs, IDS/IPS logs, and proxy logs to identify and mitigate potential threats. Investigated alerts generated by IDS/IPS systems, distinguishing between false positives and legitimate threats, and escalating critical incidents to senior analysts. Analyzed logs from proxy, IDS/IPS, firewall, and AV tools to trace attack paths and confirm compromise. Skilled in performing incident investigations, threat detection, and root cause analysis to enhance network security. Analyzed proxy alerts to detect suspicious outbound connections, command-and-control activity, and exfiltration attempts. Solid understanding of routers, switches, and core networking concepts to support secure infrastructure operations.
SOC Analyst
Cyient Ltd
Dec 2022 - Present
Monitor 24x7 security alerts and incidents using Azure Sentinel and Splunk ES SIEM. Investigate and respond to phishing, malware, and suspicious network activities. Investigate and respond to endpoint incidents using SentinelOne EDR/XDR and Microsoft Defender for Endpoint. Perform alert triage and escalate high-severity incidents. Analyze Microsoft Defender for Endpoint alerts and take remediation actions. Respond to phishing incidents detected via Microsoft 365 Defender, performing email header analysis, URL inspection, and user impact assessment. Analyze and mitigate Defender for Cloud alerts involving insecure configurations, privilege escalations, and anomalous resource activity. Investigate PowerShell-based attacks and suspicious Windows activities. Monitor Office 365 Defender alerts and email-related threats. Identify C2 communications, persistence, and lateral movement activities. Perform lateral movement analysis by correlating event logs and detecting use of remote tools such as PsExec, RDP, and WMI. Work with the incident response team to contain and remediate threats. Create incident reports and documentation. Improve SOC monitoring and detection rules.
Education
MBA - Jawaharlal Nehru Technological University Hyderabad
2021 · Afghanistan
Bachelor of Technology (B.Tech), Computer Science - Jawaharlal Nehru Technological University
2019 · Afghanistan
Certifications
No certifications added yet