About
Security Operations Analyst with 2+ years of hands-on experience in proactive threat hunting, log analysis, and real-time incident detection and response. Skilled in monitoring and investigating security alerts using SIEM tools (Splunk, QRadar, Sentinel) and EDR platforms (CrowdStrike, Microsoft Defender). Experienced in phishing investigations, reducing MTTD/MTTR, and supporting vulnerability management using Qualys and Nessus.
Work Experience
SOC Analyst
ENSIGN INFOSECURITY PTE LTD
Nov 2023 - Present
- Monitor SIEM dashboards and perform initial triage of security alerts.
- Analyze basic log sources (Firewall, Proxy, Endpoint, Email, IPS/IDS) to identify suspicious or abnormal activities.
- Validate alerts and categorize them as False Positive or potential security incidents.
- Investigate phishing emails, review headers/body/links, and provide recommendations to users.
- Escalate confirmed incidents to L2 teams with complete evidence, logs, and timeline details.
- Track and manage incidents in ticketing tools (ServiceNow / OS Ticket) and maintain clear investigation notes.
- Monitor the health of security tools, log sources, and sensors, and raise tickets for any SIEM ingestion or connectivity issues.
- Follow SOC playbooks for alert handling, escalation, documentation, and reporting.
- Perform continuous monitoring to ensure timely detection of threats and maintain strong situational awareness.
- Support overall SOC operations by coordinating with internal teams, ensuring smooth workflows, and improving alert-handling efficiency.
Education
Bachelor of Science - Shivaji University
Afghanistan