About
SOC Analyst with 3+ years of experience, specializing in SOC monitoring, alerting, incident response, and security investigations using advanced SIEM and SOAR platforms such as Splunk Enterprise and Cortex XSIAM. Skilled in malware analysis, KQL, SOAR automation, incident response, threat hunting, and vulnerability management across both cloud and on-premises environments. Adept at leveraging industry-leading technologies including Splunk, Cortex XSIAM, Azure Sentinel, IBM QRadar, and EDR platforms to detect, analyze, and mitigate complex cyber threats. Proven track record of improving security posture, optimizing SOC processes, and delivering actionable insights that strengthen organizational defenses. Committed to continuous learning, staying aligned with the latest security trends, and providing innovative, scalable, and proactive cybersecurity solutions.
Work Experience
SOC Analyst
Cognizant
Aug 2022 - Aug 2025
Continuously monitored security events and alerts using SIEM tools (Splunk, QRadar, Cortex XSIAM, Azure Sentinel) to detect potential security incidents.
Performed Tier 1 and Tier 2 incident analysis, including phishing attacks, malware infections, brute-force attempts, and suspicious network activity.
Conducted detailed log analysis across firewalls, IDS/IPS, servers, endpoints, and cloud environments to identify the root cause and scope of incidents.
Monitored and investigated security alerts in Azure Sentinel, leveraging KQL queries to detect anomalies across endpoint, network, and identity logs.
Developed custom KQL queries and analytics rules to identify suspicious patterns such as lateral movement, privilege escalation, and persistence techniques.
Created and fine-tuned hunting queries in Sentinel to proactively search for Indicators of Compromise (IOCs) and emerging threat behaviors.
Automated incident enrichment by correlating logs from multiple data sources (EDR, firewall, identity providers) using KQL.
Built dashboards and workbooks in Azure Sentinel to visualize SOC metrics, incident trends, and threat hunting results for CXO reporting.
Performed Root Cause Analysis (RCA) on escalated incidents by querying Sentinel's data lake with advanced KQL joins, unions, and time-series functions.
Integrated threat intelligence feeds into Sentinel and used KQL to match against known malicious IPs, domains, and hashes.
Optimized detection rules and alert thresholds in Sentinel to reduce false positives and improve SOC efficiency.
Participated in SOAR automation initiatives by linking Sentinel alerts with playbooks for automated response actions.
Responded to incidents following established incident response playbooks, ensuring timely containment, eradication, and recovery.
Analyzed Indicators of Compromise (IOCs) and leveraged threat intelligence feeds to enhance detection and response capabilities.
Monitored and triaged incidents through Cortex XSOAR, leveraging automated playbooks to accelerate detection and response.
Investigated alerts and enriched cases using integrated threat intelligence feeds, reducing manual effort and improving RCA quality.
Developed and fine-tuned Splunk SOAR playbooks for phishing, malware, and endpoint compromise scenarios, cutting response time.
Automated repetitive SOC tasks (IOC lookups, endpoint isolation, user account disablement) via XSOAR workflows, improving analyst efficiency.
Generated daily/weekly dashboards in Cortex XSOAR highlighting incident trends, automation coverage, and SOC performance metrics.
Maintained SOPs and incident logs within Cortex XSOAR to support governance, audit readiness, and continuous improvement.
Contributed to cross-functional initiatives such as GenAI-driven enrichment and SOAR automation expansion, enhancing SOC maturity.
Investigated phishing emails, malicious URLs, and attachments using sandboxes, email security tools, and OSINT platforms.
Generated daily/weekly reports from XSIAM dashboards highlighting incident trends, endpoint posture, and SOC performance metrics.
Utilized EDR/XDR solutions to detect endpoint threats and perform host-based investigations.
Reduced false positives by tuning SIEM rules, correlation searches, and alert thresholds.
Monitored and triaged alerts in Cortex XSIAM, correlating endpoint, network, and identity telemetry to identify advanced threats.
Investigated suspicious activity using XSIAM's AI-driven analytics, performing root cause analysis (RCA) and documenting findings for incident reports.
Executed automated response playbooks within XSIAM to isolate compromised assets, block malicious indicators, and reduce mean time to respond (MTTR).
Fine-tuned detection rules and correlation policies in XSIAM to minimize false positives and improve detection accuracy.
Integrated threat intelligence feeds into XSIAM for proactive detection of emerging IOCs and TTPs.
Collaborated with SOC teams to escalate complex incidents, leveraging XSIAM dashboards for real-time visibility and reporting.
Maintained SOPs and incident logs aligned with compliance requirements, ensuring audit readiness.
Documented incidents, findings, and remediation steps in ticketing systems such as ServiceNow and Jira.
Collaborated with IT, network, and security teams to remediate vulnerabilities and improve overall security posture.
Supported compliance and audit requirements by maintaining accurate incident records and security documentation.
Worked effectively in a 24/7 SOC environment, handling high-severity incidents under strict SLAs.
Investigated alerts and enriched cases by integrating Splunk SOAR with SIEM, EDR, and threat intelligence platforms.
Conducted proactive threat hunting across endpoints, networks, and cloud environments to identify hidden threats and anomalous behaviors.
Leveraged EDR tools (SentinelOne, CrowdStrike Falcon, Microsoft Defender) and SIEM platforms (Azure Sentinel, Splunk, Cortex XSIAM) to build hunting queries and detect advanced attack techniques.
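The threat-intelligence matching described in the Sentinel bullets above, as an added illustration that is not part of this profile and not the analyst's own query: it joins outbound connections recorded in CommonSecurityLog against IP indicators in the ThreatIntelligenceIndicator table. Table and column names are the standard Microsoft Sentinel schema; the lookback windows and the minimum confidence score are assumptions chosen for the example.

```kql
// Added example, not from the profile. Assumed tuning values: 1d of firewall
// telemetry, 14d of indicator history, and a minimum confidence of 50.
let lookback = 1d;
let min_confidence = 50;
// Build a de-duplicated set of active IP indicators. Indicator updates are
// re-ingested as new rows, so keep only the latest row per IndicatorId and
// drop anything that is inactive or past its expiry.
let ti_ips =
    ThreatIntelligenceIndicator
    | where TimeGenerated > ago(14d)
    | summarize arg_max(TimeGenerated, *) by IndicatorId
    | where Active == true and ExpirationDateTime > now()
    | where ConfidenceScore >= min_confidence
    | where isnotempty(NetworkDestinationIP) or isnotempty(NetworkIP)
    | extend IoC = coalesce(NetworkDestinationIP, NetworkIP)
    | project IoC, ConfidenceScore, ThreatType, Description;
// Match firewall/proxy destinations against the indicator set and roll the
// hits up per destination so one noisy host does not produce hundreds of rows.
CommonSecurityLog
| where TimeGenerated > ago(lookback)
| where isnotempty(DestinationIP)
| join kind=inner ti_ips on $left.DestinationIP == $right.IoC
| summarize Hits = count(),
            FirstSeen = min(TimeGenerated),
            LastSeen = max(TimeGenerated),
            Sources = make_set(SourceIP, 20)
          by DestinationIP, ThreatType, ConfidenceScore, Description
| order by ConfidenceScore desc, Hits desc
```

The arg_max step matters in practice: without it, a single indicator that has been updated several times produces duplicate join rows and inflates the hit count. Workspaces that have moved to the newer ThreatIntelIndicators table need the indicator column names adjusted to that schema.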
Education
B.Tech - Godavari Institute of Engineering & Technology
- 2021 · Afghanistan
Visa Status: Citizen
Relocation: Open to Relocation