About
Security Analyst with 4+ years of experience in handling high-volume SOC operations with a strong focus on investigating complex alerts, improving detection quality, and reducing operational noise. Regularly works with SIEM and endpoint telemetry to identify real threats from large datasets, with hands-on involvement in alert tuning and incident handling. Known for practical investigation skills and ability to quickly validate and respond to suspicious activity in live environments.
Skills & Expertise (36)
Work Experience
Security Analyst
Nexxoft Infotel
Jan 2023 - Present
- Monitored and triaged 10,000+ security events daily using Splunk and QRadar, identifying high-risk alerts and reducing false positives.
- Performed detailed investigations on endpoint and network alerts including malware detections, suspicious authentication activity, and lateral movement indicators.
- Conducted endpoint investigations using CrowdStrike and Microsoft Defender, including process analysis, command-line review, and host isolation actions.
- Tuned and optimized SIEM correlation rules, improving detection quality and reducing alert fatigue by 25%.
- Analyzed logs from endpoint, firewall, proxy, and authentication sources to identify anomalous behavior patterns.
- Investigated phishing incidents using email header analysis, sandboxing, and threat intelligence tools.
- Performed IOC-based and behavior-based analysis to validate alerts and identify potential compromises.
- Managed the complete incident lifecycle in ServiceNow including triage, investigation, root cause analysis, and closure within SLA.
- Conducted network traffic analysis using Wireshark and Zeek to identify suspicious connections and potential command-and-control activity.
- Supported false positive reduction and detection improvement initiatives.
- Assisted in developing and updating SOC playbooks and standard response procedures.
- Mentored junior analysts and supported shift operations and escalation decisions.
System Engineer
Tata Consultancy Services
Dec 2021 - Dec 2022
- Monitored and analyzed security alerts from SIEM dashboards and escalated suspicious activities based on severity.
- Assisted in IDS/IPS rule tuning (Snort, Suricata) to detect scanning activity and brute-force attempts.
- Performed log analysis using Splunk to identify suspicious login behavior and access anomalies.
- Supported vulnerability assessments using OpenVAS and tracked remediation progress through Jira.
- Assisted in phishing investigations by analyzing email headers, links, and attachments.
- Participated in patch validation processes to ensure timely remediation of vulnerabilities.
- Documented incidents and contributed to SOC standard operating procedures (SOPs).
Education
B.Tech in Electronics and Communication Engineering - Srinivasa Institute of Engineering and Technology
- 2020 · Afghanistan
Certifications
No certifications added yet