Muhammad Zubair
SOC Analyst L1
Profile summary
Experienced SOC Analyst with more than 1 year experience in a 24/7 Security Operations Center.Experience with threat detection, incident response, and vulnerability management and successes including measured 30 percent reduction in false positives, 50 percent reduction in incident response time, and enhanced SIEM detection rules with Splunk and ELK Stack.Familiar with MITRE ATT&CK framework, log analysis and limited malware analysis.Concentrated on developing the efficiency of SOC and the development ofthe detection capabilities of continuous improvement and threat hunting.
Key skills
Professional experience
• Triaged 100+security alerts on ELK Stack, Distinguishing amongst malicious IPs & phishing. • Processed and visualized logs through the ELK Stack to retrieve anomalies and suspicious IP activity. • Reported phishing activities and port scanning trends on the review of network logs. • Investigated basic Indicators of Compromise (IOCs) using open-source intelligence and analysis tools. • Obtained hands-on experience with IDS/IPS systems and basic documentation of the first steps to take when responding to common types of alerts. • Performed simple malware reverse engineering in VirusTotal and Hybrid Analysis with suspicious binaries and extraction of IOCs
- Triaged 100+security alerts on ELK Stack, Distinguishing amongst malicious IPs & phishing
- Processed and visualized logs through the ELK Stack to retrieve anomalies and suspicious IP activity
- Reported phishing activities and port scanning trends on the review of network logs
- Investigated basic Indicators of Compromise (IOCs) using open-source intelligence and analysis tools
- Obtained hands-on experience with IDS/IPS systems and basic documentation of the first steps to take when responding to common types of alerts
• Decreased false positive rates by 30 percent by refining Splunk correlation rules, adding MITRE ATT&CK-based alert logic. • Investigated and escalated incidents according to MITRE ATT&CK framework and minimized false positives, as well as incident response time. • Carried out vulnerability assessments and reported on actionable findings which enhanced internal compliance and audit readiness. • Coordinated with IT teams in solving incidents on endpoints, firewalls, and websites. • Improved and documented incident response SOPs and playbooks, optimizing L1 analyst workflow. • Used internal ticketing systems for logging incidents to achieve full audit traceability. • Assisted in threat hunting by analyzing DNS logs, proxy traffic, and endpoint anomalies using Splunk and OSINT. • Participated in a SOAR workflow test to gain familiarity with the automatic playbook execution and alert enrichment via Splunk Phantom. • Obtained exposure to EDR tools like CrowdStrike Falcon to conduct endpoint telemetry analysis and some basic containment operations.
- Decreased false positive rates by 30 percent by refining Splunk correlation rules, adding MITRE ATT&CK-based alert logic
- Investigated and escalated incidents according to MITRE ATT&CK framework and minimized false positives, as well as incident response time
- Carried out vulnerability assessments and reported on actionable findings which enhanced internal compliance and audit readiness
- Coordinated with IT teams in solving incidents on endpoints, firewalls, and websites
- Improved and documented incident response SOPs and playbooks, optimizing L1 analyst workflow