About
Security Analyst with 2 years of experience in SOC operations and Incident Response across MSSP and internal enterprise environments. Skilled in SIEM monitoring, incident triage, detection engineering, and vulnerability management using Splunk, QRadar, Microsoft Defender, EDR, IAM, SOAR, and DLP tools. Proven record of reducing MTTD/MTTR through automation and custom use-case development across cloud and on-prem environments. Strong collaborator focused on protecting client environments and improving overall security posture.
Work Experience
Security Analyst
Covasant Technologies
May 2024 - Present
Monitor, triage and investigate security events using SIEM platforms to identify true positives and reduce false positives.
Perform L1 incident response, including initial containment, impact assessment, root-cause analysis and coordination with relevant teams for remediation and recovery.
Use EDR solutions for endpoint threat detection, malware investigation and remediation actions such as isolation, process blocking and IOC-based hunting.
Analyze and tune firewall and web security policies, including Zscaler web access protection, to block malicious traffic, enforce URL filtering and support zero-trust access controls.
Operate SOAR platforms to automate repetitive response actions, enrich alerts, build and refine playbooks, and integrate multiple tools (SIEM, ServiceNow, EDR, DLP, Okta, email security).
Manage identity and access-related alerts via Okta, including MFA anomalies, suspicious logins and privilege escalations, and ensure alignment with least-privilege and IAM policies.
Investigate DLP alerts for data exfiltration attempts across endpoint, web, email and cloud channels, coordinating with data owners and HR/compliance as needed.
Handle phishing and email security incidents using Phisher and related tools: analyze headers and URLs, sandbox attachments, confirm user compromise and implement mailbox- and domain-level remediation.
Perform malware analysis at an intermediate level, including behavioral analysis, log correlation and IOC extraction, to strengthen detection rules in SIEM and EDR platforms.
Use ServiceNow for full incident lifecycle management, including ticket creation, prioritization, documentation of investigation steps, SLA tracking and closure notes.
Maintain documentation and conduct post-incident reviews to improve SOC procedures and playbooks.
Education
Bachelor of Engineering in Electronics and Communication - JNTUA
- 2016 · Afghanistan