Syed Najam

DevOps Manager

Karachi, Sindh, Pakistan · 2 yrs 11 mos experience

Key Highlights

  • Expert in end-to-end SIEM engineering and security monitoring.
  • Proficient in detection engineering aligned with MITRE ATT&CK.
  • Strong background in incident response and threat hunting.

Skills

Core Skills

SIEM Engineering · Security Monitoring · Incident Response · Threat Detection · Web Development · System Administration

Other Skills

IBM QRadar · Microsoft Sentinel · Security Control Integration · SOC Operations · Alert Triage · Threat Intelligence · WordPress · Wazuh · Web Security · Operating Systems · Microsoft Defender XDR · Trend Micro XDR · Kaspersky EDR · Cisco FMC & FTD · Huawei Firewall

About

I am a Security & SIEM Engineer with strong SOC operations expertise, experienced in designing, deploying, and optimizing enterprise security monitoring architectures and security controls across large-scale public and private sector environments. My core strength lies in end-to-end SIEM engineering, including All-in-One (AIO) and distributed deployments, log source onboarding, data parsing and normalization, enrichment, and pipeline optimization to ensure high-quality, actionable security telemetry. I specialize in detection engineering, developing and maturing use cases aligned with MITRE ATT&CK and Cyber Kill Chain (CKC) frameworks to improve detection coverage and accuracy.

Alongside engineering responsibilities, I actively contribute to SOC operations, performing advanced alert triage, deep log analysis, and Tier-2/Tier-3 level investigations. I support incident response activities, including threat validation, root cause analysis, and coordinated containment and remediation efforts. I have hands-on experience in manual threat hunting, applying hypothesis-driven techniques to identify stealthy threats, anomalous behavior, and attack patterns that bypass automated detections. I also perform phishing detection and analysis, inspecting email headers, URLs, attachments, and payloads to identify credential harvesting, malware delivery, and social engineering attacks.

My work involves integrating a wide range of enterprise security controls across endpoint, network, perimeter, cloud, and identity domains, enabling centralized visibility and cross-domain correlation. I focus on ensuring that security technologies generate meaningful telemetry that supports effective threat detection, risk management, and compliance requirements. I apply MITRE ATT&CK, Cyber Kill Chain (CKC), and SOC maturity models (SOC-CMM) to strengthen detection capabilities and improve SOC operational effectiveness.
I actively contribute to SOC playbooks, runbooks, and process optimization, supporting consistent and efficient security operations. In addition, I support use case validation, UAT and testing environments, and compliance-driven security monitoring aligned with ISO/IEC 27001, organizational risk management, and business continuity requirements. Currently pursuing a Master’s in Information Security, I continuously enhance my expertise across SIEM architecture, security engineering, detection engineering, threat hunting, and SOC operations, with a strong focus on scalable, resilient, and standards-driven cybersecurity solutions.

Experience

Commtel

2 roles

Security & SIEM Engineer

Promoted

Sep 2025 - Present · 6 mos · Karachi Division, Sindh, Pakistan · On-site

Working as a Security & SIEM Engineer, responsible for the design, deployment, integration, and optimization of enterprise security monitoring platforms and security controls across large-scale public and private sector environments. My role focuses on SIEM architecture, detection engineering, security control integrations, and compliance-aligned security visibility.

Key Responsibilities & Engineering Expertise:

  • Designed, deployed, and supported enterprise-grade SIEM architectures, including All-in-One (AIO) and distributed deployments, ensuring scalability, high availability, and performance optimization.
  • Led end-to-end SIEM engineering lifecycle, covering log source onboarding, parsing, normalization, enrichment, data pipeline tuning, and long-term log retention strategies.
  • Implemented and optimized agent-based and agent-less integrations across endpoints, servers, network devices, firewalls, applications, and cloud platforms to ensure centralized and reliable security telemetry.
  • Engineered and matured detection use cases aligned with MITRE ATT&CK and Cyber Kill Chain (CKC) frameworks, focusing on detection accuracy, coverage gaps, and lifecycle maturity.
  • Integrated and managed a broad range of enterprise security controls, including:
      • Endpoint & XDR Platforms: Microsoft Defender XDR, Trend Micro XDR, Kaspersky EDR
      • Network Security Controls: Cisco FMC & FTD, Huawei Firewall
      • Perimeter & Web Security: DOSarrest Web Application Firewall (WAF)
      • Cloud & Identity Security: Microsoft Azure Security Stack, Entra ID, Defender for Cloud
  • Built and maintained UAT and testing environments using Microsoft Sentinel, IBM QRadar and Defender XDR to validate new integrations, detections, and security control changes before production rollout.
  • Aligned SIEM engineering and security control implementations with ISO/IEC 27001, risk management processes, and business continuity requirements.

IBM QRadar · Microsoft Sentinel · SIEM Engineering · Security Monitoring

SOC Analyst

Jun 2025 - Sep 2025 · 3 mos · Karachi Division, Sindh, Pakistan · On-site

  • Monitored and analyzed security alerts within a 24/7 SOC environment, performing alert triage and investigation to identify true positives and minimize false positives.
  • Conducted end-to-end incident investigations, including alert validation, root cause analysis, impact assessment, escalation handling, and post-incident reporting.
  • Performed phishing detection and analysis activities, including manual inspection of email headers, URLs, attachments, and payloads to identify credential harvesting, malware delivery, and social engineering attacks.
  • Performed manual threat hunting using hypothesis-driven techniques to proactively identify hidden threats, suspicious behaviors, and anomalous activity not detected by automated alerts.
  • Analyzed threat and attack patterns by correlating security events, behavioral indicators, and attacker TTPs to detect ongoing or emerging attack campaigns.
  • Applied MITRE ATT&CK and Cyber Kill Chain (CKC) frameworks to map adversary behavior, identify attack progression, and enhance SOC detection.
  • Conducted deep log analysis across endpoint, network, authentication, and application logs to investigate lateral movement, persistence, privilege escalation, and command-and-control activity.
  • Supported incident response operations, coordinating containment and remediation efforts with internal teams and ensuring timely escalation of high-severity incidents.
  • Integrated threat intelligence and contextual data into investigations to enrich alerts, validate threats, and improve analyst decision-making.
  • Contributed to the development and refinement of SOC playbooks and SOPs, improving response consistency and operational maturity.
  • Supported SOC maturity initiatives aligned with SOC-CMM and security best practices, focusing on detection quality, response time, and operational efficiency.
  • Maintained strong working knowledge of security event lifecycles, incident response processes, networking fundamentals, and Linux-based systems.

SOC Operations · Alert Triage · Incident Response · Threat Detection

Abacuschains website designing agency

Website Developer - System Admin

Oct 2022 - Dec 2024 · 2 yrs 2 mos · Pakistan · On-site

  • Implemented and maintained secure web environments by applying best practices in access control, encryption (SSL/TLS), and regular security patching.

WordPress · Wazuh · Web Development · System Administration

Fictive hut

WordPress Developer

Oct 2020 - Feb 2021 · 4 mos · Karachi, Sindh, Pakistan · On-site

WordPress · Operating Systems

Education

Hamdard University

Bachelor's degree — Software Engineering

Sep 2018 - Dec 2022
