Supriya Kamalapur

Security Operations Analyst – L2

Hyderabad, India · 4+ yrs exp · Profile score 89 · Excellent

About

Cyber Security Analyst (L2) with 4+ years of hands-on experience in SOC environments, threat detection, incident response, and security monitoring. Proficient in SIEM, SOAR, EDR, XDR, and MDR platforms across multi-cloud environments. Skilled in leveraging the MITRE ATT&CK framework, Cyber Kill Chain, and NIST Cybersecurity Framework to proactively identify, investigate, and mitigate advanced threats. Experienced in fine-tuning SIEM rules to reduce false positives, writing KQL queries, and conducting threat hunting using behavioral analytics. Strong understanding of the CIA Triad, DLP, vulnerability management, and endpoint security with a focus on continuous improvement of SOC operations.

Skills & Expertise (36)

Azure Sentinel · Advanced · 9.1/10 · 3 years exp
IBM QRadar · Advanced · 8.6/10 · 4 years exp
Splunk · Advanced · 8.6/10 · 4 years exp
CrowdStrike Falcon · Advanced · 8.4/10 · 3 years exp
Cortex XSOAR · Advanced · 8.2/10 · 3 years exp

Other skills: Tenable Nessus, CIA Triad, Qualys, Linux, Windows Server, ServiceNow, Jira, IDS, IPS, DLP, KQL, OSINT, MITRE ATT&CK, NIST Cybersecurity Framework, Cyber Kill Chain, Microsoft Office 365 Defender, IronPort, Cofense, Mimecast, Symantec, Proofpoint, Zscaler, Palo Alto Networks, Amazon Web Services, Microsoft Azure, Rapid7, Sophos MDR, Trend Micro Vision One, SentinelOne, Microsoft Defender for Endpoint, Splunk Phantom

Work Experience

Security Operations Analyst – L2

Accenture Pvt. Ltd.

Sep 2022 - May 2025

- Monitored and analyzed security events across Azure Sentinel, IBM QRadar, and Splunk SIEM platforms, triaging 50+ alerts daily with a focus on reducing false positives through continuous rule fine-tuning and threshold adjustments.
- Investigated and responded to security incidents following the Cyber Kill Chain and MITRE ATT&CK framework, mapping adversary TTPs to identify lateral movement, privilege escalation, and exfiltration patterns.
- Automated incident response playbooks using Cortex XSOAR and Splunk Phantom, reducing mean time to respond (MTTR) by 30% for phishing, malware, and ransomware scenarios.
- Performed endpoint threat hunting and containment using CrowdStrike Falcon and Microsoft Defender for Endpoint (EDR), isolating compromised hosts and remediating malware infections.
- Leveraged SentinelOne and Trend Micro (XDR) for cross-telemetry threat correlation, detecting advanced persistent threats (APTs) and zero-day exploits across endpoints, networks, and cloud workloads.
- Monitored and investigated DLP (Data Loss Prevention) policy violations, ensuring compliance with data handling policies and protecting sensitive data in accordance with CIA Triad principles (Confidentiality, Integrity, Availability).
- Wrote advanced KQL (Kusto Query Language) queries in Azure Sentinel to build custom detection rules, workbooks, and hunting queries for proactive threat identification.
- Analyzed phishing emails and malicious attachments using Proofpoint, Mimecast, and Cofense, correlating indicators of compromise (IOCs) across email gateway logs to block campaigns.
- Conducted vulnerability assessments using Tenable Nessus and Qualys, prioritizing remediation based on CVSS scores and asset criticality aligned to the NIST Cybersecurity Framework.
- Collaborated with firewall teams on policy review and alert analysis for Palo Alto Networks and Zscaler, identifying anomalous traffic and C2 communication patterns.
- Managed cloud security monitoring across AWS and Azure environments, investigating IAM anomalies, misconfigured storage, and suspicious API calls.
- Performed Linux forensic analysis including log parsing, process investigation, and file integrity checks to support incident investigations.
- Documented incidents, created post-incident reports, and tracked remediation activities using ServiceNow and Jira, ensuring SLA compliance.
- Supported SOC L1 analysts with mentoring and knowledge-sharing sessions on MITRE ATT&CK, Cyber Kill Chain, and alert investigation best practices.
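The file-integrity check mentioned above, as an added example (not the profile owner's code): a baseline of SHA-256 hashes is taken from a known-good tree and later compared against the live tree, reporting modified, new and removed files. The directory layout, file contents and simulated tampering are constructed for the demonstration; it assumes GNU coreutils (sha256sum, find -print0) and paths without spaces.

```shell
#!/bin/sh
# Added example (not the profile owner's code): a minimal file-integrity check
# of the kind used in Linux incident investigations, built from sha256sum,
# find and awk only.  The tree and the "tampering" below are constructed.

set -u

# Hash every regular file under directory $1 into baseline file $2.
# Paths are recorded relative to $1 ("./etc/passwd") so the baseline can be
# verified from any working directory; keep the baseline outside the tree.
fim_baseline() {
    ( cd "$1" && find . -type f -print0 | sort -z | xargs -0 sha256sum ) > "$2"
}

# Compare directory $1 against baseline $2.  Prints one
# "MODIFIED|NEW|REMOVED <path>" line per difference; returns 1 if anything
# differs and 0 if the tree is intact.  Assumes paths contain no spaces
# (sha256sum writes "<hash>  <path>", so awk's $2 is the path).
fim_compare() {
    cur=$(mktemp)
    fim_baseline "$1" "$cur"
    report=$(awk '
        NR == FNR { base[$2] = $1; next }   # first file: stored baseline
                  { now[$2]  = $1 }         # second file: current tree
        END {
            for (p in base) if (!(p in now))  print "REMOVED",  p
            for (p in now)  if (!(p in base)) print "NEW",      p
            for (p in now)  if ((p in base) && base[p] != now[p]) print "MODIFIED", p
        }' "$2" "$cur" | sort)
    rm -f "$cur"
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Constructed scenario: baseline a small tree, then simulate a compromised
# host (second UID-0 account, trojanised script, hidden dropper, removed file).
fim_demo() {
    work=$(mktemp -d); base=$(mktemp)
    mkdir -p "$work/etc" "$work/bin"
    printf 'root:x:0:0:root:/root:/bin/bash\n' > "$work/etc/passwd"
    printf 'Welcome\n' > "$work/etc/motd"
    printf '#!/bin/sh\necho healthy\n' > "$work/bin/healthcheck"
    fim_baseline "$work" "$base"

    printf 'svc:x:0:0::/root:/bin/bash\n' >> "$work/etc/passwd"   # extra UID-0 user
    printf '#!/bin/sh\n/bin/sh -i\n' > "$work/bin/healthcheck"    # replaced script
    printf 'x\n' > "$work/bin/.dropper"                            # new hidden file
    rm -f "$work/etc/motd"                                         # deleted file

    if fim_compare "$work" "$base"; then echo "clean"; fi
    rm -rf "$work" "$base"
}

# Control case: an untouched tree must compare clean (return 0).
fim_demo_clean() {
    work=$(mktemp -d); base=$(mktemp)
    printf 'a\n' > "$work/a"
    fim_baseline "$work" "$base"
    if fim_compare "$work" "$base"; then rc=0; else rc=1; fi
    rm -rf "$work" "$base"
    return $rc
}

fim_demo
```

In a real investigation the baseline comes from a trusted source (package manager hashes, a golden image, or a copy taken before the incident window), never from the suspect host after the fact, and the comparison should be run from a clean toolset rather than the host's own binaries.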

Security Operations Analyst – L1

Wipro Pvt. Ltd.

Sep 2020 - May 2022

- Monitored real-time security alerts and events on Splunk SIEM and IBM QRadar, performing initial triage and escalating confirmed incidents to L2 analysts.
- Investigated endpoint alerts using Microsoft Defender for Endpoint, analyzing process trees, network connections, and registry modifications to identify malicious activity.
- Assisted in Sophos MDR and Rapid7 alert analysis, correlating managed detection findings with internal telemetry for improved threat context.
- Conducted phishing email analysis and user-reported incident investigations, utilizing Office 365 Defender and IronPort to trace email headers and identify spoofed senders.
- Applied foundational knowledge of MITRE ATT&CK TTPs to categorize and document threat behaviors during incident investigations.
- Monitored IDS/IPS alerts from network security tools, investigating signature-based detections and reducing noise through alert tuning with senior analysts.
- Performed basic Linux command-line operations for log analysis, including grep, awk, and sed for parsing security logs and identifying anomalies.
- Maintained accurate incident records in the ServiceNow ticketing system, ensuring timely updates and adherence to defined SLA thresholds.
- Participated in vulnerability scanning exercises using Nessus, compiling scan reports and assisting in patch prioritization discussions.
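The grep/awk/sed log triage mentioned above, as an added example (not the profile owner's code): it parses sshd lines from an auth.log, counts failed logins per source IP, flags sources over a brute-force threshold, and then surfaces any successful login from those same sources, which is the pattern worth escalating. The log lines, hostnames, IPs (RFC 5737 documentation ranges) and timestamps are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not the profile owner's code): grep/awk/sed triage of sshd
# events over a constructed /var/log/auth.log sample.

set -u

# Write the constructed sample log to the path given as $1.
write_sample_log() {
    cat > "$1" <<'EOF'
Mar 14 02:11:01 web01 sshd[2201]: Failed password for invalid user admin from 203.0.113.45 port 51022 ssh2
Mar 14 02:11:03 web01 sshd[2203]: Failed password for invalid user oracle from 203.0.113.45 port 51023 ssh2
Mar 14 02:11:05 web01 sshd[2205]: Failed password for root from 203.0.113.45 port 51024 ssh2
Mar 14 02:11:08 web01 sshd[2207]: Failed password for root from 203.0.113.45 port 51025 ssh2
Mar 14 02:11:10 web01 sshd[2209]: Failed password for deploy from 203.0.113.45 port 51026 ssh2
Mar 14 02:11:14 web01 sshd[2211]: Accepted password for deploy from 203.0.113.45 port 51027 ssh2
Mar 14 02:12:40 web01 sshd[2220]: Failed password for alice from 198.51.100.7 port 40011 ssh2
Mar 14 02:12:47 web01 sshd[2222]: Accepted publickey for alice from 198.51.100.7 port 40012 ssh2
Mar 14 02:15:00 web01 sshd[2230]: Accepted publickey for bob from 192.0.2.9 port 33001 ssh2
Mar 14 02:15:30 web01 sshd[2232]: pam_unix(sshd:session): session opened for user bob by (uid=0)
EOF
}

# Failed-password events per source IP in log $1, most active first.
# Output: "<count> <ip>".  "invalid user" lines are included on purpose:
# they are the clearest sign of a wordlist-driven attack.
failed_by_ip() {
    grep -E 'sshd\[[0-9]+\]: Failed password' "$1" \
      | sed -E 's/.* from ([0-9]+(\.[0-9]+){3}) port .*/\1/' \
      | sort | uniq -c | sort -rn \
      | awk '{print $1, $2}'
}

# Source IPs with at least $2 failures in log $1 (the brute-force threshold).
brute_force_sources() {
    failed_by_ip "$1" | awk -v t="$2" '$1 >= t {print $2}'
}

# Successful logins from a source that first crossed the brute-force
# threshold: likely guessed or sprayed credentials.
# Output: "<ip> <user> <auth-method>".
compromised_logins() {
    log=$1; thr=$2
    brute_force_sources "$log" "$thr" | while read -r ip; do
        ipre=$(printf '%s' "$ip" | sed 's/\./\\./g')   # literal dots in the regex
        grep -E "Accepted (password|publickey) for [^ ]+ from $ipre " "$log" \
          | sed -E 's/.*Accepted ([a-z]+) for ([^ ]+) from ([0-9.]+) .*/\3 \2 \1/'
    done
}

# Run the pipeline over the constructed sample with a threshold of 5 failures.
demo() {
    log=$(mktemp)
    write_sample_log "$log"
    result=$(compromised_logins "$log" 5)
    rm -f "$log"
    printf '%s\n' "$result"
}

demo
```

On the sample, 203.0.113.45 fails five times against four different accounts and then authenticates as deploy with a password, so it is reported; 198.51.100.7 has a single typo-style failure followed by a key-based login and stays below the threshold. Threshold and window are the tuning knobs the L1 tuning work refers to: set them per environment and review the sources that fall just under the line.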

Education

Bachelor of Commerce (B.Com) – Computers - Keshav Memorial Institute of Commerce and Science | Osmania University

2016 - 2019 · Afghanistan

Certifications

No certifications added yet


Profile Score Breakdown

📷 Photo 10/10
📄 Resume 10/10
💼 Job Title 10/10
✍️ Bio 10/10
🛠️ Skills 20/20
🎓 Education 10/10
⏱️ Experience 14/15
💰 Rate 0/5
🏆 Certs 0/5
Verified 5/5
Total Score 89/100

Profile Overview

Member since May 2026

Availability Details

Relocation

Not Open to Relocation