Muhammad Zubair

SOC Analyst L1

Islamabad, Pakistanhttps://linkedin.com/in/muhammad-zubair-a2044b2b3

Profile summary

Experienced SOC Analyst with more than 1 year experience in a 24/7 Security Operations Center.Experience with threat detection, incident response, and vulnerability management and successes including measured 30 percent reduction in false positives, 50 percent reduction in incident response time, and enhanced SIEM detection rules with Splunk and ELK Stack.Familiar with MITRE ATT&CK framework, log analysis and limited malware analysis.Concentrated on developing the efficiency of SOC and the development ofthe detection capabilities of continuous improvement and threat hunting.

Key skills

Skills
SplunkELK StackIBM QRadarSnortWiresharkMITRE ATT&CKOSINTIOC AnalysisLog CorrelationSigma RulesNessusNmapBurp SuiteOWASP Top 10PythonBashPhishing AnalysisEndpoint ForensicsPlaybook DevelopmentpfSenseIDS/IPSTCP/IPDNSHTTP/S AnalysisStatic/Dynamic AnalysisYARA RulesNIST SP 800-61ISO 27001Cloud Security (AWS, Azure, GCP)Threat Intelligence Platforms (e.g., ThreatConnect, MISP)Security Orchestration, Automation, and Response (SOAR)Container Security (Docker, Kubernetes)DevSecOps Principles

Professional experience

SOC InternSep 2025 - Present
Discovery School System

• Triaged 100+security alerts on ELK Stack, Distinguishing amongst malicious IPs & phishing. • Processed and visualized logs through the ELK Stack to retrieve anomalies and suspicious IP activity. • Reported phishing activities and port scanning trends on the review of network logs. • Investigated basic Indicators of Compromise (IOCs) using open-source intelligence and analysis tools. • Obtained hands-on experience with IDS/IPS systems and basic documentation of the first steps to take when responding to common types of alerts. • Performed simple malware reverse engineering in VirusTotal and Hybrid Analysis with suspicious binaries and extraction of IOCs

  • Triaged 100+security alerts on ELK Stack, Distinguishing amongst malicious IPs & phishing
  • Processed and visualized logs through the ELK Stack to retrieve anomalies and suspicious IP activity
  • Reported phishing activities and port scanning trends on the review of network logs
  • Investigated basic Indicators of Compromise (IOCs) using open-source intelligence and analysis tools
  • Obtained hands-on experience with IDS/IPS systems and basic documentation of the first steps to take when responding to common types of alerts
SOCAnalyst L1Apr 2024 - Present
Creative Web Solutions

• Decreased false positive rates by 30 percent by refining Splunk correlation rules, adding MITRE ATT&CK-based alert logic. • Investigated and escalated incidents according to MITRE ATT&CK framework and minimized false positives, as well as incident response time. • Carried out vulnerability assessments and reported on actionable findings which enhanced internal compliance and audit readiness. • Coordinated with IT teams in solving incidents on endpoints, firewalls, and websites. • Improved and documented incident response SOPs and playbooks, optimizing L1 analyst workflow. • Used internal ticketing systems for logging incidents to achieve full audit traceability. • Assisted in threat hunting by analyzing DNS logs, proxy traffic, and endpoint anomalies using Splunk and OSINT. • Participated in a SOAR workflow test to gain familiarity with the automatic playbook execution and alert enrichment via Splunk Phantom. • Obtained exposure to EDR tools like CrowdStrike Falcon to conduct endpoint telemetry analysis and some basic containment operations.

  • Decreased false positive rates by 30 percent by refining Splunk correlation rules, adding MITRE ATT&CK-based alert logic
  • Investigated and escalated incidents according to MITRE ATT&CK framework and minimized false positives, as well as incident response time
  • Carried out vulnerability assessments and reported on actionable findings which enhanced internal compliance and audit readiness
  • Coordinated with IT teams in solving incidents on endpoints, firewalls, and websites
  • Improved and documented incident response SOPs and playbooks, optimizing L1 analyst workflow

Education

Bachelor's Degree, Cyber SecurityDec 2024 - Dec 2024
Sir Syed Case Institute of Technology
High School or equivalent, Pre-EngineeringDec 2017 - Dec 2017
Pakistan International School
High School or equivalent, Computer ScienceDec 2014 - Dec 2014
Pakistan International School

Certifications

Certified Network Defender (CND)EC-Council