About
Cybersecurity professional with 3 years of hands-on experience in Security Operations Center (SOC) environments, specializing in threat detection, incident response, and security automation. Proficient in leveraging SIEM and SOAR platforms to streamline monitoring and response workflows, with expertise in applying MITRE ATT&CK framework and Cyber Kill Chain methodology for advanced threat analysis. Skilled in deploying and managing Endpoint Detection and Response (EDR) tools to contain and remediate security incidents, ensuring robust protection across enterprise environments. Adept at collaborating with cross-functional teams to strengthen security posture and drive continuous improvement in incident handling processes.
Work Experience
Security Analyst
INORG GLOBAL PVT
Jun 2024 - Jan 2025
3 years of SOC operations experience with continuous real‑time monitoring and analysis of logs from firewalls, IDS/IPS, routers, databases, operating systems, and web servers.
Hands‑on expertise with SIEM tools: ArcSight, IBM QRadar, Splunk, Azure Sentinel, LogRhythm.
Proficient in SOAR platforms: Splunk Phantom, Cortex, FortiSOAR, D3 Security, Titan — orchestrating automated incident response workflows to reduce manual intervention and response time.
Applied MITRE ATT&CK framework and Cyber Kill Chain methodology for advanced threat detection, adversary behavior mapping, and incident triage.
Skilled in Endpoint Detection and Response (EDR) tools for containment, remediation, and forensic analysis of compromised endpoints.
Developed and optimized KQL queries to detect anomalies, analyze sign‑in logs, monitor network traffic, and track Azure resource performance.
Implemented IAM policies, security groups, and network ACLs in AWS to enforce least‑privilege access and reduce attack surface.
Automated remediation workflows using AWS Lambda and SNS for faster incident response.
Configured and maintained AWS CloudWatch and CloudTrail for logging, monitoring, and detection of unauthorized access.
Conducted digital forensics and root cause analysis to investigate incidents and strengthen preventive controls.
Fine‑tuned SIEM and SOAR alerts to minimize false positives and improve detection accuracy.
Experienced in DLP solutions for safeguarding sensitive data across endpoints and networks.
Regularly monitored Microsoft 365 Defender dashboards for alerts, threat intelligence, and security posture updates.
Strong knowledge of Linux fundamentals for log analysis, system hardening, and incident response.
Applied CIA triad principles (Confidentiality, Integrity, Availability) to design and enforce robust security controls.
Collaborated with cross‑functional teams to resolve network, device, and policy issues, ensuring business continuity and compliance.
Conducted in‑depth phishing email analysis, including header inspection, URL redirection tracing, and attachment sandboxing to identify malicious payloads.
Utilized SIEM and SOAR tools (Splunk Phantom, Cortex, FortiSOAR, D3 Security, Titan) to automate phishing triage workflows, reducing manual investigation time.
Performed malware analysis using dynamic and static techniques to detect malicious executables, scripts, and macros.
Leveraged EDR solutions to isolate infected endpoints, collect forensic artifacts, and remediate malware infections.
Applied MITRE ATT&CK framework to map phishing and malware attack techniques, enhancing detection rules and incident response playbooks.
Conducted reverse engineering of suspicious files in controlled environments to understand malware behavior and persistence mechanisms.
Created and fine‑tuned detection rules to identify phishing campaigns and malware indicators of compromise (IOCs), minimizing false positives.
Cyber Security Analyst
KIPI.BI INDIA PVT
Jan 2022 - Jun 2024
Analyzed 200+ phishing emails monthly, performing header inspection, URL redirection tracing, and attachment sandboxing to identify malicious payloads.
Investigated and contained 50+ malware infections annually using EDR solutions, isolating endpoints and conducting forensic artifact collection.
Collaborated with threat intelligence teams to enrich phishing and malware cases with external feeds, improving contextual awareness.
Documented phishing and malware incidents with detailed forensic evidence, supporting compliance and audit requirements.
Implemented digital forensics practices to preserve evidence, analyze logs, and reconstruct attack timelines for phishing and malware incidents.
Applied Cyber Kill Chain methodology to break down phishing and malware attack stages, enabling proactive defense strategies.
Delivered awareness training and phishing simulations to employees, reducing click‑through rates and strengthening organizational resilience.
Fine‑tuned SIEM and SOAR detection rules, decreasing false positives by 30%, improving analyst efficiency and accuracy.
Collaborated with threat intelligence teams to enrich phishing and malware investigations, increasing IOC detection rate by 25%.
Delivered phishing awareness training and simulations to employees, reducing click‑through rates on malicious emails by 40%.
Documented phishing and malware incidents with detailed forensic evidence, supporting compliance audits and regulatory reporting.
Implemented proactive monitoring of suspicious attachments and URLs, preventing multiple targeted spear‑phishing attempts from escalating into breaches.
Education
B.Tech in Computer Science & Engineering - GITAM University
Afghanistan