About
Results-driven SOC Analyst with 1+ year of hands-on experience in Security Operations Center (SOC) operations, real-time security monitoring, alert triage, threat detection, incident response, and vulnerability assessment. Proficient in SIEM platforms (Microsoft Sentinel, Splunk), EDR tools (Trend Micro Apex One, CrowdStrike Falcon, Microsoft Defender), threat intelligence analysis using the MITRE ATT&CK framework, and IOC enrichment. Demonstrated ability to investigate malware and phishing incidents, perform endpoint security analysis, correlate logs across firewalls and network devices, and escalate critical incidents per SLA. Holds CEH v12, SC-200, and CCNA certifications. Immediate joiner, available for 100% remote role.
Work Experience
SOC Analyst (L1)
ARDOM
Dec 2024 - Dec 2025
Monitored and triaged 50+ daily security alerts from Microsoft Sentinel and Splunk covering endpoints, authentication, firewall events, and network devices; classified incidents by severity (P1-P4) per SOC playbooks with <15-minute response time on critical alerts.
Performed real-time log correlation across SIEM, EDR, and network logs to identify multi-stage attack patterns, lateral movement indicators, and unauthorized access attempts.
Investigated malware detections, suspicious login attempts, brute-force attacks, and unauthorized access alerts; coordinated host isolation and remediation with infrastructure teams.
Conducted comprehensive phishing email analysis including header inspection, URL detonation, attachment sandbox analysis, and IOC extraction; updated blocklists to prevent re-infection.
Leveraged VirusTotal, OSINT feeds, and internal threat intelligence to enrich security alerts with context, extract IOCs (IPs, domains, file hashes, URLs), and map adversary TTPs to the MITRE ATT&CK framework.
Administered Trend Micro Apex One and Deep Security for endpoint anti-malware, behavior monitoring, web reputation enforcement, and vulnerability mitigation via virtual patching on unpatched systems.
Analyzed network traffic indicators including port scanning, connection attempts, unauthorized outbound communications, and DNS requests for malicious domains.
Maintained incident tickets in ServiceNow and Jira with investigation findings, containment actions, and remediation details; authored daily shift reports and SOC handover documentation.
Validated security events to distinguish false positives from genuine threats, contributing to alert-quality improvement and SIEM rule tuning efforts.
Reviewed firewall logs to identify potential intrusion attempts and raised change requests for rule updates to improve detection capabilities.
Escalated high-risk and critical incidents to L2 analysts per escalation matrix, ensuring timely incident handling and stakeholder communication.
Education
Bachelor of Commerce (B.Com) - ISBM - International School of Business & Media
- 2023 · Afghanistan