About
Cybersecurity professional with hands-on experience in endpoint alert triage, security incident investigation, and infrastructure defense across MSSP environments. Production experience with Sophos Central, CrowdStrike EDR, FortiGate NGFW, and ZScaler; SC-200 certified with applied KQL knowledge and Microsoft Sentinel detection workflows. Practiced in kill chain attack techniques (phishing, credential theft, lateral movement, malware execution, C2, and data exfiltration) through MITRE ATT&CK-based triage and offensive security lab work. Available for night shift and shift-rotation environments.
Skills & Expertise (38)
Work Experience
Security System Engineer
Fencer Services Pvt. Ltd.
May 2026 - Present
Restored network stability at a 52-device client site within 5 hours of root cause identification after a 3-day investigation; correlated SonicWall AppFlow traffic with Windows Event Viewer logs to trace a Kerberos authentication retry loop generating 678+ connection attempts per hour that was exhausting switch CAM tables.
Triaged endpoint security alerts in Sophos Central; reviewed detection name, process ancestry, and endpoint history to assess severity; closed benign alerts with documented justification and escalated confirmed threats through defined escalation paths.
Detected a KMS Activator PUA on a client endpoint and completed full triage, remediation, rescan, and post-incident log verification within 3 hours; identified a concurrent domain admin session as an insider threat indicator and escalated it for firewall log correlation.
Detected and contained a brute force attack that had been active undetected for 7 days; identified the targeted service port from firewall logs and immediately contained it by remapping the service to a non-standard port, escalating with full incident context through the defined escalation path.
Investigated a Microsoft Teams service disruption at a client site; traced the root cause to a Sophos Application Control misclassification and resolved it via policy scope correction.
Authored FortiGate configuration documentation across 2 client sites covering VPN tunnel setup, SD-WAN policies, network segmentation, and security policy architecture; conducted a FortiGate health audit identifying security gaps and misconfigurations for remediation and compliance review.
Authored client-facing incident reports and investigation notes covering detection timeline, containment, remediation, and post-incident recommendations, structured for handover continuity and audit trail.
Participated in an ISO 9001 internal audit; contributed to non-conformity documentation, corrective action tracking, and audit evidence preparation.
Technical System Engineer
Fencer Services Pvt. Ltd.
Nov 2025 - May 2026
Conducted daily manual log review and alert triage across multiple client environments; checked Windows Server security events, FortiGate NGFW traffic logs, and CrowdStrike console detections; made structured decisions to close benign alerts with documented justification, investigate anomalies further, or escalate through defined escalation paths.
Deployed and administered CrowdStrike EDR across approximately 80 endpoints; managed USB and removable media access control policies to eliminate unauthorized data transfer risk.
Administered FortiGate NGFW in production: firmware upgrades, web filtering, application control, URL policies, and security log analysis; evaluated FortiEMS for endpoint visibility and compliance enforcement.
Administered Active Directory and ManageEngine ADManager; enforced RBAC, least privilege, and Segregation of Duties across all client environments; managed endpoint compliance via IBM BigFix and incident ticketing via ManageEngine Service Desk.
Eliminated approximately 83 hours of manual effort by building a PowerShell script that silently removed 10 restricted applications enterprise-wide across 200+ endpoints under administrative privileges, reducing per-machine intervention from 25 minutes to zero.
Observed ISO 27001 internal audit proceedings at client sites, including risk control assessments and the non-conformity review process.
Cybersecurity Trainee – Offensive Security & Firewall Engineering
Zoom Technologies
Sep 2025 - Oct 2025
Practiced offensive techniques in a controlled lab: DDoS, XSS, brute force, ARP poisoning, network scanning, footprinting, and basic Metasploit exploitation; applied the attacker perspective to SOC triage scenarios to identify behavioural patterns, lateral movement indicators, and common evasion techniques.
Configured Cisco ASA and Stormshield firewalls: policy rules, NAT, ACLs, and VPN protocols (GRE, IPSec, SSL/TLS); studied SASE and UTM security architectures.
Cybersecurity Trainee – SOC & Network Security
Zoom Technologies
Aug 2025 - Sep 2025
Deployed Wazuh and Splunk SIEM in a lab for log ingestion, event correlation, and alert monitoring; administered Active Directory and a Domain Controller with Group Policy and DHCP/DNS configuration.
Built LAN/WAN topologies in Cisco Packet Tracer; configured VLAN, DHCP, DNS, and NAT/PAT; used Wireshark for traffic capture and Nmap for network scanning and reconnaissance analysis.
Education
B.Tech in Electronics and Telecommunication Engineering - Guru Nanak Institute of Engineering and Technology
2021 - 2025 · Afghanistan
Certifications
Microsoft Certified: Security Operations Analyst Associate (SC-200)
Microsoft · 2026
CSA-US-V1 Certified SOC Analyst
US-Council · 2025
CSP-US-V3 Cyber Professional
US-Council · 2025
Availability Details
Visa Status
Need Sponsorship
Relocation
Open to Relocation