About
Results-driven Cybersecurity professional with 4.8 years of hands-on experience in Security Operations Center (SOC) environments, Threat Detection & Response, SIEM Operations, Vulnerability Assessment, and Email Security. Proven expertise in monitoring, analyzing, and responding to security incidents across enterprise environments using industry-leading tools including IBM QRadar, Microsoft Sentinel, Splunk, and CrowdStrike Falcon. Adept at triaging alerts, performing root cause analysis, reducing false positives, and collaborating with cross-functional teams to contain and remediate threats. Experienced in 24x7 SOC operations supporting global clients across BFSI, Technology, and Healthcare verticals. Passionate about applying up-to-date threat intelligence to proactively protect organizational assets.
Skills & Expertise (63)
Work Experience
IT Security Analyst
QAD Inc.
Apr 2021 - Jan 2026
Monitored and analyzed security events in real-time using ArcSight, Microsoft Sentinel, and LogRhythm SIEM; triaged and escalated alerts in line with established SLAs.
Performed phishing and spear-phishing email analysis — inspected email headers, malicious attachments (PDF, Office macros), and embedded URLs using tools such as MXToolbox, PhishTool, and URLScan.io.
Investigated Microsoft 365 security alerts via Microsoft Defender for Office 365, Cloud App Security (MCAS / Defender for Cloud Apps), and O365 DLP policies; identified data exfiltration and insider-threat indicators.
Conducted log analysis and threat correlation across multi-source environments (AD, Azure AD, Exchange, firewalls, proxies) to detect lateral movement, credential stuffing, and account compromise.
Reduced false-positive alert volume by 35% by fine-tuning QRadar custom rules, building AIE correlation rules in LogRhythm, and maintaining knowledge-base articles for recurring alert patterns.
Participated in the end-to-end migration of ArcSight SIEM to LogRhythm SIEM — validated log source onboarding, alert mapping, and rule parity post-migration.
Identified and documented Indicators of Compromise (IOCs) — IPs, domains, file hashes — using threat intelligence platforms (VirusTotal, AbuseIPDB, MISP) to enrich investigation context.
Led incident escalation and coordinated remediation with IT, Network, and Application teams; authored detailed incident reports including timelines, impact assessment, and root cause analysis.
Applied MITRE ATT&CK TTPs to map adversary behaviors observed in alerts, improving detection rule quality and threat-hunting hypothesis generation.
Documented SOC playbooks and runbooks for common threat scenarios including Business Email Compromise (BEC), ransomware precursors, and privilege escalation attempts.
Supported vulnerability assessment activities: tracked CVEs, validated patch status, and communicated critical findings to asset owners within defined SLA windows.
Delivered weekly and monthly threat trend reports to stakeholders, highlighting top attack vectors, alert volumes, and remediation KPIs.
Operated in a 24x7 Tier-1 and Tier-2 SOC environment; monitored, triaged, and responded to security alerts generated by Splunk ES, IBM QRadar, and McAfee ESM across multiple client environments.
Performed real-time monitoring of network security devices including Cisco ASA/Firepower IPS, Palo Alto Firewalls, Check Point, endpoint security agents, and email gateways; correlated logs against client-specific threat profiles.
Executed malware analysis on suspicious files using sandbox tools (Any.run, Cuckoo Sandbox) and static analysis tools; delivered complete remediation actions including quarantine, endpoint cleanup, and reimaging guidance.
Built and maintained custom dashboards, saved searches, correlation searches, and reports in Splunk ES and QRadar to improve alert fidelity and analyst efficiency.
Recognized attack signatures and exploitation patterns (SQL injection, XSS, brute force, DDoS, APT lateral movement) and differentiated true positives from false positives, driving an improved signal-to-noise ratio.
Responded to Active Directory and identity-based threats: detected password spray attacks, Kerberoasting attempts, Pass-the-Hash, and unauthorized privileged account usage.
Performed network packet analysis using Wireshark and tcpdump to investigate anomalous traffic, data exfiltration over DNS/HTTPS, and C2 beaconing behavior.
Conducted host-based forensic triage: reviewed Windows Event Logs (4624, 4625, 4688, 4776), Sysmon logs, and registry artifacts to trace threat actor activity and establish attack timelines.
Carried out Vulnerability Assessments on web applications and servers using Nessus and Qualys; documented findings with CVSS scores and remediation priorities.
Supported incident response exercises: performed containment actions (host isolation, account lockout, firewall block), preserved forensic evidence, and authored post-incident reports.
Collaborated with threat intelligence teams to develop advanced detection queries and SIEM correlation rules aligned to emerging TTPs from threat feeds (MISP, AlienVault OTX, STIX/TAXII).
Managed and resolved security incidents using ServiceNow ITSM; documented all investigation steps, evidence, timelines, and remediation actions per SOC procedures and client SLAs.
Conducted log-source health checks and onboarding for new client devices; maintained 99%+ log collection uptime through proactive monitoring and alerting on log stoppage events.
Education
Bachelor of Technology (B.Tech), Mech - Adarsh College of Engineering, Chebrolu, JNTU / Affiliated University
Afghanistan
Certifications
No certifications added yet
Availability Details
Visa Status: Need Sponsorship
Relocation: Open to Relocation