About
SOC Analyst with 3 years of experience in threat detection, incident response, and log analysis using SIEM tools such as Microsoft Sentinel and Microsoft Defender XDR, with ongoing learning in IBM QRadar. Improved alert accuracy by fine-tuning correlation rules and validating security events. Strengthened organizational security by reducing false positives, enhancing visibility, and collaborating with internal teams to mitigate risks and support a robust cybersecurity posture.
Work Experience
Systems Engineer
CGI Information Systems and Management Consultants Pvt Ltd
Sep 2022 - Present
Monitored and triaged real-time security alerts using Microsoft Sentinel, Microsoft Defender XDR, and other SIEM tools, identifying potential threats and escalating based on severity.
Handled customer security incident tickets in Freshservice, investigating incidents based on severity and closing them in compliance with SLAs.
Maintained 90% audit-ready documentation.
Tuned SIEM alerts and analytical rules to reduce false positives, enhance detection accuracy, and focus on critical incidents.
Extracted and analyzed logs from Sentinel, Defender, firewalls, proxies, and operating systems to support high-severity incident investigations and identify unauthorized activity.
Leveraged OSINT tools (VirusTotal, Urlscan.io, IPVoid, MXToolbox) to identify suspicious indicators, enhancing threat intelligence and improving detection efficiency.
Conducted malware, phishing, and IOC investigations, reducing incident resolution time by 25% through rapid alert triage and correlation.
Assisted in creating and updating SOPs for incident handling, analytical rules, and security policies based on client requirements.
Managed security incidents from detection to resolution, correlating observed attack patterns with known signatures to improve threat detection.
Collaborated with vendors and internal teams on Priority 1 issues, performing root cause analysis (RCA) and supporting remediation actions.
Generated SIEM health and performance reports, including log source count, collection rate, and server status, to support infrastructure monitoring.
Created daily, weekly, and monthly security reports to assist investigations and ensure compliance.
Applied strong networking and security knowledge, including the OSI model, TCP/IP, HTTP, SMTP, DNS, DHCP, and the MITRE ATT&CK framework, to support incident correlation and investigation.
Provided 24/7 on-call SOC support, ensuring continuous operations and adherence to client SLAs.
Education
Master of Technology - Siddaganga Institute of Technology (SIT)
Afghanistan