About
SOC Analyst with 1.5 years of experience in Security Operations Center (SOC) environments, specializing in security monitoring, alert triage, and incident investigation. Hands-on experience with SIEM platforms including QRadar, Splunk, and Microsoft Sentinel, along with endpoint analysis using EDR tools. Skilled in log analysis, phishing and malware alert investigation, IOC validation, and escalating confirmed incidents in alignment with incident response playbooks and the MITRE ATT&CK framework.
Work Experience
SOC Analyst
SBL Technologies
Jun 2025 - Present
Monitor, triage, and investigate security alerts across Splunk and Microsoft Sentinel in on-prem and multi-cloud (Azure, AWS) environments to detect and respond to high-risk incidents.
Perform endpoint and identity investigations using CrowdStrike Falcon, including host timeline analysis, privilege escalation detection, and Azure AD anomaly analysis, executing containment actions such as endpoint isolation and account lockouts.
Develop and tune detection rules and correlation searches using SPL, aligned with the MITRE ATT&CK framework, improving alert fidelity and reducing false positives.
Conduct proactive threat hunting for CVE exploitation, insider threats, suspicious PowerShell activity, and lateral movement across endpoint, identity, and cloud telemetry.
Investigate phishing incidents using Proofpoint and Microsoft 365 Defender, extracting and blocking IOCs through threat intelligence integrations.
Analyze cloud security alerts across Azure, AWS, and Microsoft Defender for Cloud, producing incident reports with root cause analysis and remediation guidance.
Assistant System Engineer
Tata Consultancy Services (TCS)
Jul 2024 - Nov 2024
Monitored and investigated security events across global customer environments using Splunk and QRadar, performing alert triage and escalation in accordance with defined SLAs as an L1 SOC Analyst.
Investigated phishing campaigns, brand abuse, malicious URLs, scam domains, and account compromise incidents using threat intelligence platforms such as VirusTotal, IPVoid, and MXToolbox.
Analyzed network-based attacks including DoS/DDoS and MITM, producing incident reports with containment actions and remediation recommendations.
Developed SIEM dashboards, correlation rules, and reports to improve threat visibility and SOC operational efficiency.
Performed malware analysis and threat intelligence correlation to identify IOCs and support detection improvements.
Collaborated with WAF and infrastructure teams to investigate web-based threats and implement IP blocking and mitigation strategies.
Education
Bachelor of Technology (B.Tech.) - SRM Institute of Science & Technology
2024 · Afghanistan
Certifications
Certified Ethical Hacker · 2026
CompTIA Security+ · 2026