About
Security Engineer with around 5.8 years of expertise in phishing, malware analysis, host isolation, and threat detection using Microsoft Defender ATP. Proficient in SIEM tools, endpoint security, IAM role management in AWS, and SOAR technologies. Skilled in email security, vulnerability assessments, and proactive threat hunting to enhance organizational security.
Work Experience
Security Analyst
Snew Technologies
Sep 2020 - Nov 2025
Proficient in Kusto Query Language (KQL); very good at writing and optimising queries to analyse large datasets in Azure Sentinel and MS Defender. Proficient in log review and analysis, logical thinking, correlating events, triaging events, demonstrating analytical expertise, close attention to detail, excellent critical thinking, logic, solution orientation, and the ability to learn and adapt quickly. Experience in handling and deploying the Defender agents onto servers to onboard into Defender, and troubleshooting agent connectivity issues using the MDE Client Analyser. Experience in AIR (Automated Investigation and Remediation) policies and their implementation. Experience in vulnerability assessments. Evaluate and prioritise identified vulnerabilities for remediation by collaborating directly with customers. Strong experience in managing endpoint agents on Windows and Linux operating systems, Active Directory integrations, and Windows Event Logs. Escalating security incidents based on the client's SLA and providing meaningful information related to security incidents by conducting in-depth analyses of events, which keeps the customer's business safe and secure. Good hands-on experience in the integration of AWS and Azure security, implementing policies, and fine-tuning rules. Experience in supporting, fine-tuning, and troubleshooting correlation searches in Splunk SIEM. Good hands-on experience in managing the P1 bridge call, involving the stakeholders, and experience in creating the incident response report for critical incidents. Expertise in Splunk Enterprise architecture such as Search Heads, Indexers, Deployment Server, Licence Master, and Heavy/Universal Forwarders.
Good hands-on experience in creating SOPs, playbooks, and runbooks using Splunk and Defender, as well as hands-on experience in creating and managing endpoint health check reports and vulnerability reports to reduce the exposure score. Experience in creating and maintaining daily, weekly, and monthly reports of device health status using Defender ATP. Good hands-on experience in providing KT sessions and training, and assigning tasks to juniors. Extensive experience in conducting in-depth investigations by collecting investigation packages and using live response in the Defender portal. Good knowledge of analysing different malicious executables and documents. Good understanding of Azure Active Directory, Azure MFA, and conditional access. Configure and manage dashboards, notebooks, data connectors, and playbooks in Azure Sentinel. Hunt security threats using Azure Sentinel. Managed incident response activities, including investigation and reporting of security breaches.
Security Analyst
First meridian Global Services
Dec 2025 - Mar 2026
Hands-on experience in analysing phishing emails and malware emails, performing soft deletes and hard deletes of malicious emails from the email cluster, and adding indicators to the tenant allow list/block list based on analysis of the IOCs. Experience in working on host isolation and advanced threat analysis using EDR, Microsoft Defender ATP. Handling spam and phishing email submissions from end users, taking containment steps by further investigating domains and IPs to recommend proper blocking, and creating SPF, DKIM, and DMARC records for the domains to protect against spoofing. Monitoring, analysing, and responding to infrastructure threats, vulnerabilities, and risks. Collecting the logs of all Windows, Linux, and network devices, and analysing the logs to find suspicious activities. Experienced in creating and fine-tuning compliance policies and ASR rules using the Intune portal. Good hands-on experience in onboarding Windows Server 2016 R2 and 2019 servers, using Defender XDR and CyberArk. Good hands-on experience in creating use cases and custom detection rules in Defender and Azure Sentinel using KQL. Expertise in using SOAR technologies such as Logic Apps, implementing playbooks, and creating automation rules using Microsoft Sentinel SOAR. Experience in working on host isolation and advanced threat analysis using EDR, Microsoft Defender ATP, and other tools. Knowledge of Group Policy Objects, Active Directory security and compliance configurations, and migrating to the Intune administrator console. Taking the appropriate action based on advisories and IOCs, identifying threat actors using MITRE ATT&CK, and coordinating with the respective team to block the IOCs. Strong knowledge of and working experience with Office 365 email gateway solutions; fully owning, managing, monitoring, and administering the email security stack and policies for both on-premises and cloud environments, including Office 365 email security solutions.
Experience in creating Log Analytics workspaces, creating conditional access policies, and detection rules using Defender 365 and Azure Sentinel. Good hands-on experience in creating virtual machines, deploying endpoint agents on them, and managing IAM roles in an AWS environment. Provided expert advice on the latest cybersecurity trends and threats, guiding company strategy and defence mechanisms.
Education
M.Com - Mahatma Gandhi University
2018 · Afghanistan
Availability Details
Visa Status
H1B
Relocation
Open to Relocation