About
SOC Analyst (L2) with 3+ years of experience in security monitoring, incident response, and detection engineering within a 24x7 MSSP environment. Hands-on experience building SIEM detections, Sentinel playbooks using Azure Logic Apps, and SOC efficiency tooling across Splunk and Azure alongside multi-client incident handling across BFSI, healthcare, and manufacturing sectors. CEH and Microsoft SC-200 certified.
Work Experience
SOC Analyst – L2
Ernst and Young
Jan 2022 - Present
Monitored, investigated, and responded to security incidents using SIEM tools (Splunk, Microsoft Sentinel, Cortex XDR), including log collection from relevant sources to support containment and investigation.
Conducted endpoint threat analysis and containment using EDR solutions (Microsoft Defender, SentinelOne, CrowdStrike).
Utilized network security monitoring tools (Nozomi, Fidelis) to detect anomalous activity, enforce security policies, and strengthen network defense.
Conducted proactive threat hunting and investigated email-based threats including phishing, using IOCs, threat intel reports, and security advisories across SIEM, EDR, and email security tools.
Triaged and classified security incidents by severity, ensuring priority-based escalation and SLA adherence.
Acted as L2 escalation point for L1 analysts, reviewing ticket notes for accuracy and completeness, and providing guidance on complex alert triage and incident response.
Served as SPOC for a key client, managing incident escalations, refining SOC SOPs and IR procedures, and coordinating between client and internal teams to ensure timely resolution.
Led alert tuning, rule optimization, throttling, and suppression across SIEM and EDR platforms.
Built an SPL query to identify notable events with missing analyst notes, supporting ticket quality audits and analyst accountability tracking.
Designed and implemented an interactive Splunk dashboard to support SOC tuning activities, enabling analysts to drill down from rule-level frequency analysis to underlying command pattern investigation within a single view, reducing time spent identifying noisy rules and repeated notable events.
Designed and implemented a manual incident escalation playbook in Microsoft Sentinel using Azure Logic Apps, enabling analysts to route under-enriched incidents to Core/TechOps teams while maintaining full audit visibility within the platform.
Built a geo-based sign-in activity dashboard in Azure Workbooks using KQL to parse SigninLogs and extract location data from JSON fields, enabling visual monitoring of global login patterns and anomaly detection.
Mapped threat actor TTPs to the MITRE ATT&CK framework to enrich threat intelligence and support detection improvement initiatives.
Documented and tracked incidents in ServiceNow, contributing to SOC metrics, SLA reporting, and client-facing performance reviews.
Operated in a 24x7 shift-based SOC environment supporting global enterprise clients across BFSI, healthcare, and manufacturing verticals.
Education
Bachelor of Technology in Computer Science and Engineering - APJ Abdul Kalam Technological University
2018 - 2022 · Afghanistan
Availability Details
Visa Status
Citizen
Relocation
Open to Relocation