Santosh Pawar

Security Analyst

Pune

About

Cyber Security Analyst with 4+ years of experience in SIEM engineering, SOC operations, and security automation across enterprise environments. Specialized in IBM QRadar SIEM administration, including HA architecture, log source onboarding (200+ devices), DSM parsing, correlation rule tuning, and performance optimization. Proven ability to reduce false positives by ~30% and improve MTTR by ~35% through effective use-case development and automation. Hands-on experience with Cribl LogStream, CrowdStrike Falcon EDR integration, and SIEM platforms including Splunk, Securonix, and Cortex. Adept at supporting 24×7 SOC operations, ensuring SLA compliance, and strengthening organizational security posture.

Skills & Expertise (20)

Splunk Enterprise / Splunk ES (Advanced, 8.7/10, 4 years experience)
IBM QRadar SIEM Administration (Advanced, 8.7/10, 4 years experience)
Linux Administration & Security Monitoring (Advanced, 8.3/10, 4 years experience)
Log Source Integration & Onboarding (Advanced, 8.3/10, 4 years experience)
Offense Management & Rule Optimization (Advanced, 8.2/10, 4 years experience)
CrowdStrike Falcon (Advanced, 8.1/10, 3 years experience)
DNIF SIEM Administration & Log Analytics (Advanced, 8.0/10, 3 years experience)
Cribl LogStream (Advanced, 7.9/10, 2 years experience)

Additional skills:
Performance Tuning & Capacity Planning
Automation & Playbook Management
SOAR Integration
Upgrades & Version Migrations
SIEM Patch Management
SIEM Health Checks
Tuning & Correlation Rules
Use Case Development
Log Normalization & Event Mapping
DSM Parsing
Deployment & HA Design
SIEM Architecture

Work Experience

Security Analyst

FIS Global Pvt Ltd

Present - Present

Installed, configured, and troubleshot SIEM infrastructure across multiple client environments, working with Splunk, IBM QRadar, and Cortex SIEM.
Performed system upgrades, patching, and ongoing maintenance of SIEM platforms, ensuring platform stability, performance, and security compliance.
Investigated and resolved log ingestion, parsing, and correlation issues, leveraging Cribl LogStream to route, filter, and optimize logs before SIEM ingestion.
Conducted regular SIEM health checks, performance tuning, and capacity monitoring, including Splunk indexing health, QRadar EPS/FPM utilization, and Cortex SIEM performance metrics.
Managed SOC administrative activities, including ticket creation, tracking, and resolution within defined SLAs, coordinating with L1/L3 teams as required.
Worked extensively on SOAR platforms (Cortex XSOAR), configuring integrations, automation workflows, and response playbooks to streamline SOC operations.
Integrated and supported CrowdStrike Falcon EDR with SIEM and SOAR platforms to enhance endpoint visibility, alert enrichment, and automated incident response.
Assisted in alert triage, incident investigation, and response activities, supporting 24×7 SOC operations and ensuring timely escalation of critical security events.

Security Engineer

SecurView Pvt Ltd

Present - Present

Installed, configured, and administered enterprise SIEM platforms with primary focus on Splunk Enterprise / Splunk ES, along with IBM QRadar and DNIF, including High Availability (HA) architecture to ensure 99.9% uptime.
Performed SIEM upgrades, patching, and version migrations across Splunk, QRadar, and DNIF environments to maintain performance, stability, and security compliance.
Integrated and onboarded 200+ log sources into Splunk (forwarders, indexers, search heads) as well as QRadar and DNIF, significantly enhancing log visibility and threat detection coverage.
Diagnosed and resolved non-reporting, delayed, and partially reporting log ingestion issues in Splunk (UF/HF pipelines), QRadar, and DNIF, ensuring log integrity and SLA adherence.
Developed and optimized Splunk searches, dashboards, and alerts, while also maintaining QRadar DSM parsing and DNIF parsers to improve event correlation and detection accuracy.
Led SIEM automation and optimization initiatives, integrating SOAR workflows with Splunk ES notable events, QRadar offenses, and DNIF alerts, reducing manual analyst effort by ~30%.
Conducted routine SIEM health checks, performance tuning, and capacity monitoring, with emphasis on Splunk indexing performance, license utilization, and search efficiency.
Designed, developed, and fine-tuned Splunk ES correlation searches and use cases, along with QRadar rules and DNIF detections, aligned with MITRE ATT&CK techniques.
Managed end-to-end SIEM operations across Splunk, QRadar, and DNIF, supporting 24×7 SOC environments and L2/L3 escalations.

Education

Computer Science - SPPU

- · Afghanistan

Info. Technology - Government Polytechnic Pune

- · Afghanistan



Profile Overview

Member since Feb 2026
