Sandeep B

SOC Analyst

India

About

SOC Analyst with 6+ years of experience in enterprise Security Operations Center (SOC) environments supporting 24/7 cybersecurity monitoring and incident response. Strong expertise in SIEM monitoring, detection engineering support, advanced log analysis, endpoint detection and response (EDR), firewall security monitoring, cloud security operations, and vulnerability management. Experienced in handling high-severity (P1/P2) security incidents across network, endpoint, server, email, and cloud environments. Skilled in MITRE ATT&CK mapping, Cyber Kill Chain analysis, root cause analysis, digital evidence collection, and compliance support aligned with NIST and ISO 27001 frameworks.

Skills & Expertise (48)

- SIEM & Log Management: Expert, 9.1/10, 6 years experience
- Splunk: Advanced, 8.8/10, 5 years experience
- IBM QRadar: Advanced, 8.5/10, 5 years experience
- Microsoft Sentinel: Advanced, 8.5/10, 5 years experience
- LogRhythm: Advanced, 8.5/10, 5 years experience

Other skills: HTTP/HTTPS, PowerShell, SMTP, SSH, Cloud Security, AWS Security, CloudTrail Log Analysis, API Activity Monitoring, Vulnerability & Risk Management, Nessus, Qualys, CVSS-Based Risk Prioritization, Patch Validation, Vulnerability Remediation Tracking, Automation & Tools, SOAR Playbook Support, ServiceNow Ticketing & Incident Documentation, Dashboard & KPI Reporting, Python, Registry Monitoring, Log Parsing and Normalization, Correlation Rule Development, Use Case Tuning, Log Source Onboarding, Log Retention Management, Endpoint Detection & Response (EDR), CrowdStrike, Symantec Endpoint Protection, McAfee, Process Tree Analysis, DHCP, Persistence Mechanism Detection, Network Security & Monitoring, Palo Alto Firewall, Cisco ASA, IDS/IPS, VPN, ACL, NAT, TCP/IP, DNS

Work Experience

Security Analyst

HDFC

Jun 2019 - Jul 2021

- Performed 24/7 real-time security monitoring and alert triage in an enterprise SOC environment.
- Monitored and analyzed logs from firewalls, IDS/IPS, endpoint security tools, Windows/Linux servers, proxy servers, email gateways, and cloud platforms.
- Conducted initial validation of alerts by analyzing IP addresses, ports, protocols, usernames, hostnames, and event severity.
- Correlated multi-source logs to detect suspicious patterns including brute force attempts, abnormal outbound traffic, phishing activity, malware execution, and unauthorized access attempts.
- Investigated phishing alerts through email header analysis, URL validation, domain reputation checks, and attachment sandboxing.
- Reviewed endpoint alerts and analyzed suspicious file hashes, process execution, and abnormal command-line activity.
- Validated Indicators of Compromise (IOCs) using threat intelligence feeds and reputation databases.
- Performed log timeline reconstruction to understand attack progression and support escalation decisions.
- Assisted in SIEM rule tuning to reduce repetitive false positives and alert fatigue.
- Monitored firewall and network logs to detect port scanning, unauthorized remote access attempts, and DDoS indicators.
- Maintained incident documentation ensuring SLA adherence and compliance alignment.
- Supported internal and external audits by providing monitoring evidence aligned with ISO 27001 and NIST requirements.

Security Analyst

Wipro

Aug 2021 - Present

- Lead investigation and response for high- and critical-severity (P1/P2) cybersecurity incidents across enterprise infrastructure, including network, endpoint, server, cloud, and email environments.
- Perform advanced log analysis and event correlation using Splunk, IBM QRadar, Microsoft Sentinel, and LogRhythm.
- Detect and investigate security threats including lateral movement, privilege escalation, ransomware indicators, brute force attacks, insider threats, command-and-control (C2) communication, and suspicious outbound traffic.
- Conduct detailed EDR investigations using CrowdStrike, Symantec, and McAfee ePO by analyzing process trees, command-line execution, registry changes, scheduled tasks, persistence techniques, and abnormal network connections.
- Map incidents and detection use cases to MITRE ATT&CK techniques to improve monitoring coverage and visibility.
- Tune SIEM correlation rules to reduce false positives and improve alert accuracy.
- Perform log onboarding activities including syslog configuration, parsing validation, field extraction, normalization, and event categorization.
- Monitor SIEM platform performance including log ingestion health, event latency, storage utilization, and data retention compliance.
- Execute containment actions including endpoint isolation, firewall IP/domain blocking, account lockout, access revocation, and MFA enforcement.
- Conduct root cause analysis (RCA) to identify the attack vector, exploited vulnerability, impacted assets, and business risk exposure.
- Perform retrospective log analysis after incidents to identify detection gaps and strengthen monitoring rules.
- Investigate phishing campaigns including email header analysis, spoofing validation, URL detonation, and attachment sandboxing.
- Analyze authentication logs to detect password spraying, credential stuffing, abnormal login patterns, and suspicious geo-location activity.
- Support vulnerability remediation validation by reviewing Nessus and Qualys scan findings and verifying patch implementation.
- Collaborate with VAPT teams to validate exploitability and remediation closure.
- Document incident findings in ServiceNow, ensuring SLA compliance and audit traceability.
- Provide SOC operational evidence aligned with ISO 27001 and NIST compliance audits.
- Mentor L1 analysts and review escalated alerts to improve investigation quality and reduce rework.
- Assist in automation of repetitive SOC reporting tasks using Python and PowerShell scripts.

Education

Master of Science - San Francisco Bay University

Afghanistan

Bachelor of Technology - Talla Padmavathi College of Engineering

Afghanistan

Profile Overview

Member since Mar 2026

Availability Details

Visa Status

Citizen

Relocation

Open to Relocation