About
Cybersecurity Analyst with 3.5 years of experience in Security Operations Center (SOC) environments, specializing in threat detection, investigation, and incident response. Proficient in Splunk ES, Microsoft Sentinel, Microsoft Defender, CrowdStrike Falcon, and cloud identity/email security solutions. Skilled in threat hunting, malware & phishing analysis, and applying frameworks like MITRE ATT&CK and Cyber Kill Chain to strengthen enterprise security posture.
Work Experience
Security Analyst
IBM
Feb 2024 - Present
Monitored and triaged cybersecurity alerts using Splunk ES and Microsoft Sentinel to ensure timely response and SLA adherence. Investigated alerts from Defender for Endpoint, Defender for Identity, MDO/O365, MCAS, and Entra ID Protection. Conducted detailed malware and phishing investigations using sandboxing, header analysis, and IOC extraction. Performed root cause analysis (RCA) for malware incidents and identity compromise cases. Utilized MITRE ATT&CK and the Cyber Kill Chain to map adversary behavior and enhance detection quality. Leveraged threat intelligence platforms (VT, OTX, AbuseIPDB, Hybrid Analysis) for IOC enrichment and context building. Performed proactive threat hunting on endpoints, networks, identities, and cloud logs. Analyzed network telemetry (TCP/IP, OSI, firewall, proxy, IDS/IPS logs) for intrusion detection. Managed the end-to-end incident lifecycle in ServiceNow, including escalation and documentation. Delivered SOC reports (daily, weekly, monthly) summarizing trends, KPIs, and recommendations. Enhanced organizational email security posture using Proofpoint and advanced sandbox technologies.
Security Analyst
Tech Mahindra
Apr 2021 - Sep 2022
Managed and responded to incidents triggered by the SIEM tool, ensuring thorough analysis and appropriate actions were taken. Analyzed logs from various network devices (routers, IDS/IPS, firewalls), operating systems (Windows), and antivirus software to detect and mitigate security threats. Monitored emails for potential threats, and recommended rules to enhance security. Conducted daily and monthly reporting on the security status of monitored devices, proactively identifying and addressing vulnerabilities. Created and managed saved searches and active channels on SIEM consoles to streamline the detection and handling of incidents. Coordinated the escalation and remediation of incidents, ensuring continuous security monitoring and reporting in compliance with SLAs. Developed and maintained incident tracking documentation, following up on unresolved incidents to prioritize timely resolution.
Education
B.Tech - Gurunanak Institute Of Technical Campus
Afghanistan