About
Cybersecurity Analyst with 7+ years of IT experience, including 2+ years in a 24×7 SOC environment. Skilled in IBM QRadar SIEM, threat detection, incident triage, and log analysis across Windows, network, and cloud environments. Strong background in network security with hands-on experience in Splunk, Microsoft Sentinel, and threat intelligence tools.
Work Experience
Cybersecurity Analyst
Devfi
Jan 2024 - Present
Worked in a 24×7 rotational shift monitoring IBM QRadar SIEM, handling around 40–70 SIEM alerts per shift.
Performed alert triage by analyzing login failures (Event ID 4625), successful logins (4624), admin privilege assignments (4672), process creations (4688), and network traffic patterns to determine impact and severity.
Correlated QRadar offenses with Sysmon logs, AD logs, firewall traffic logs, and endpoint alerts to validate genuine threats and close false positives with justification.
Logged and managed security incident tickets in ServiceNow by documenting QRadar alert findings, reviewing related logs during investigation, and coordinating with L2 teams for escalation and timely resolution as per SLA.
Investigated high-severity alerts through detailed log analysis to identify attack patterns, affected hosts, and user activity, and escalated validated incidents to L2/L3 teams with clear timelines and supporting evidence.
Monitored AWS CloudTrail, VPC Flow Logs, and Azure AD logs in IBM QRadar to investigate suspicious logins and unusual activity during alert triage.
Reviewed Cisco AMP alerts as part of daily SOC monitoring and documented findings in the ticketing system for further investigation and escalation.
Conducted proactive threat hunting using QRadar AQL queries to identify anomalous login behavior and suspicious outbound connections.
Investigated brute-force alerts by correlating failed/successful logins, validated via AD and firewall logs, and escalated with key details.
Performed packet-level analysis using Wireshark and TCPDump to identify suspicious outbound connections and possible command-and-control communication.
Validated suspicious IPs, domains, and file hashes using VirusTotal and referred to the MITRE ATT&CK framework to understand the attack technique before escalating confirmed threats.
Participated in daily shift handovers, sharing open incidents, emerging attack patterns, and operational updates to ensure seamless SOC continuity.
Used AQL queries in QRadar to quickly check suspicious login activity and investigate alerts more efficiently.
Senior Network Engineer
DPR Solutions
Jan 2019 - Dec 2023
Configured and supported enterprise routers, Layer 2/Layer 3 switches, Fortinet firewalls, and wireless devices across multi-site environments.
Implemented and maintained routing protocols such as OSPF, EIGRP, and BGP, along with inter-VLAN routing, STP, and redundancy setups to ensure stable connectivity.
Managed firewall policies including NAT, ACLs, and security zones, and regularly reviewed rules to remove unused or risky configurations.
Deployed and troubleshot IPSec and SSL VPNs, resolving common Phase 1 and Phase 2 issues and supporting secure remote access for users.
Conducted firmware upgrades, applied security patches, handled vulnerability fixes, and participated in disaster recovery testing to maintain system stability and compliance.
Used ManageEngine OpManager and Zabbix for network monitoring, alert handling, device health checks, and performance tracking.
Performed troubleshooting using Wireshark to analyze packet-level issues, identify latency problems, and resolve connectivity failures.
Managed incidents, service requests, and change activities through ServiceNow, ensuring proper documentation and SLA adherence.
Supported core infrastructure services including Active Directory, DHCP, DNS, and IP management in multi-location setups.
Worked closely with server and security teams during infrastructure upgrades and data center migrations, ensuring minimal downtime and smooth transitions.
Education
Master of Technology (M. Tech) in Embedded Systems - Vaagdevi Engineering College
- 2015 · Afghanistan
Bachelor of Technology (B.Tech) in ECE - Pathfinder Engineering College
- 2013 · Afghanistan
Certifications
CompTIA Security+ (SY0-701)
· 2026