About
Results-driven Cyber Security Analyst / SOC Analyst with 3+ years of hands-on experience in Security Operations Center (SOC) operations, SIEM-based threat detection, alert triage, log correlation, and end-to-end incident response across enterprise and BFSI environments. Deep expertise in Microsoft Azure Sentinel, IBM QRadar, Splunk, and ELK Stack for real-time monitoring, detection rule engineering, and threat investigation. Proficient in MITRE ATT&CK framework mapping, Cyber Kill Chain analysis, CrowdStrike Falcon EDR, Microsoft Defender for Endpoint, and SOAR automation. Experienced in AWS cloud security (GuardDuty, Security Hub, CloudTrail, IAM, VPC, WAF), endpoint forensics, malware analysis, phishing investigation, vulnerability management, and threat hunting. Strong command of KQL, Python, and SQL for detection engineering and log analytics. Demonstrated ability to reduce false positives, improve MTTD/MTTR, and deliver RCA and executive-level incident reports. Aligned with NIST CSF, ISO 27001, CIS Benchmarks, and OWASP standards.
Skills & Expertise (121)
Work Experience
Security Analyst (SOC L1/L2)
RK Thinxmart Solutions Pvt. Ltd.
Oct 2024 - Feb 2025
Monitored and triaged real-time security alerts using IBM QRadar and Microsoft Azure Sentinel in a 24/7 SOC environment; investigated phishing, malware infections, brute-force login attempts, account compromise, insider threats, and anomalous network behavior. Performed multi-source log correlation across Palo Alto and Fortinet firewall logs, IDS/IPS alerts, Windows Active Directory event logs, VPN authentication logs, and CrowdStrike EDR telemetry. Applied MITRE ATT&CK framework to map attacker TTPs during investigations — identifying Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, and Command & Control techniques. Executed incident response actions: blocking malicious IPs/domains at firewall and proxy level, isolating compromised endpoints via CrowdStrike Network Containment and Microsoft Defender, resetting compromised credentials in Active Directory, and coordinating with infrastructure teams. Investigated phishing campaigns: analyzed email headers, decoded obfuscated URLs, submitted attachments to sandbox, and published IOCs to internal threat intelligence platform. Documented all investigations in ServiceNow incident tickets with full evidence trail, attack timeline, MITRE ATT&CK mapping, affected assets, IOCs, and remediation steps; maintained consistent SLA response timelines across P1/P2/P3 priorities. Escalated confirmed high-severity incidents to L2/L3 senior analysts with structured investigation handover reports including root cause hypothesis, evidence artifacts, and recommended containment and eradication actions.
Junior SOC Analyst
Zisya Technologies Pvt. Ltd.
May 2023 - Aug 2024
Monitored IBM QRadar SIEM offense queues and dashboards for real-time threat detection; performed alert triage, event correlation, and false-positive reduction across firewall, endpoint, server, and Active Directory log sources. Investigated security incidents including phishing attacks, brute-force login attempts, malware detections, suspicious user logon activity, unauthorized access attempts, policy violations, and insider threat indicators. Performed phishing email forensics: complete email header analysis, URL reputation check using VirusTotal and URLScan.io, file attachment analysis using Hybrid Analysis sandbox, and documented extracted IOCs. Analyzed Windows Event IDs for authentication anomalies, account creation, privilege abuse, and pass-the-hash indicators across Active Directory domain controllers. Applied MITRE ATT&CK TTPs to classify adversary behavior during security investigations and mapped incidents to Tactics, Techniques, and Procedures for accurate incident categorization and improved detection rule recommendations. Validated and tuned SIEM alerts by baselining normal user and system behavior, reviewing event context, and correlating across multiple log sources to reduce alert fatigue and improve signal-to-noise ratio in SOC operations. Maintained detailed incident documentation in Jira ticketing system: event timeline, affected assets, IOC list, root cause notes, MITRE mapping, remediation steps, and closure reports. Collaborated with L2/L3 analysts on escalated incidents; supported full incident response lifecycle from initial detection and containment through eradication, recovery, and post-incident review.
Cyber Security Analyst / SOC Engineer
CyberFort DigiSec Solution Pvt. Ltd. (Client: YES BANK)
Mar 2025 - Present
Monitored and triaged high-severity security alerts from Microsoft Azure Sentinel, IBM QRadar, CrowdStrike EDR, SOAR, and firewall platforms in a 24/7 SOC environment for YES Bank (BFSI), prioritizing incidents using severity scoring and MITRE ATT&CK technique mapping. Performed deep log correlation across Windows Event Logs, Linux Syslogs, Sysmon, Palo Alto firewall logs, VPN logs, AWS CloudTrail, VPC Flow Logs, GuardDuty findings, and Microsoft 365 audit logs to reconstruct full attack timelines. Led proactive threat hunting campaigns using MITRE ATT&CK TTPs — detecting persistence, credential dumping, lateral movement, privilege escalation, C2 communications, and data exfiltration before alert trigger. Engineered and fine-tuned KQL-based SIEM detection rules and analytic queries in Microsoft Sentinel — including impossible travel, brute-force, account enumeration, and mass file access detections — reducing false positives by 30% and improving MTTD by 40%. Conducted AWS cloud security investigations: EC2 instance compromise, IAM privilege abuse, unauthorized S3 bucket access, GuardDuty alert triage, CloudTrail anomaly detection, and VPC flow log analysis for data exfiltration indicators. Executed full NIST incident response lifecycle — Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned — for ransomware, phishing, insider threat, and APT-level incidents; delivered Root Cause Analysis (RCA) and executive-level reports. Performed endpoint forensics using CrowdStrike Falcon EDR and Microsoft Defender for Endpoint: process tree analysis, parent-child process investigation, DLL injection detection, hash validation via VirusTotal, AbuseIPDB, and Hybrid Analysis sandbox. Automated repetitive SOC triage workflows using Microsoft Sentinel Playbooks — automated IP enrichment, host isolation, alert suppression for known FPs — reducing analyst workload by 25% on recurring alert types.
Authored and maintained SOC playbooks and runbooks for phishing, ransomware, brute force, insider threat, BEC, lateral movement, and cloud compromise scenarios, improving L1 investigation consistency and reducing escalation time. Coordinated vulnerability remediation across IT, Cloud, Network, and Application teams; tracked findings via ServiceNow ITSM tickets with SLA compliance; prepared compliance evidence for ISO 27001 and NIST CSF audits. Investigated phishing emails end-to-end: email header analysis, malicious URL detonation in Any.run sandbox, attachment hash analysis, extracted IOCs and updated threat intel feeds. Supported 24/7 shift operations with structured shift handover reports, real-time P1/P2 escalation to L2/L3 and CISO, and continuous SLA adherence monitoring.
Education
Bachelor of Technology (B.Tech) — Computer Science & Engineering - Pydah College of Engineering
2020 - 2023 · Afghanistan
Certifications
No certifications added yet
Availability Details
Visa Status
Citizen
Relocation
Open to Relocation