Shumaila S.
********.****@*****.***
PROFESSIONAL SUMMARY
I am a Cybersecurity Analyst with over 8 years of hands-on experience monitoring and responding to threats across global enterprise and healthcare environments. I have a strong background in investigating SIEM and XDR alerts, analyzing endpoint and identity activity, and performing root cause analysis using process trees and causality chains. I have worked extensively with tools such as Microsoft Sentinel, Defender, CrowdStrike, and Cyberhaven to detect, contain, and remediate security incidents. My experience includes threat hunting, phishing analysis, and data loss prevention, with a focus on protecting sensitive data and maintaining operational continuity. I have also mentored junior analysts, supported SOC operations, and helped improve workflows through automation and practical use of AI-driven capabilities. I hold CompTIA Security+ and SecAI+ certifications and bring a solid foundation in modern security operations and incident response.
TECHNICAL COMPETENCIES
Trend Micro, MS Defender, Vade Secure, ThreatSpike, M365, Azure, Carbon Black, CrowdStrike, Entra ID, Sentinel, Palo Alto XDR/XSOAR, Vectra, QRadar, XSOAR, IronPort / Proofpoint, Tanium, Cryoserver, Recorded Future, SharePoint, Confluence, Heat / Remedy, ServiceNow, Qualys, Cyberhaven (DLP), JIRA
EDUCATION & TECHNICAL CERTIFICATIONS
KHI University – Bachelor of Science, 2007
CompTIA SecAI+, 2026
CompTIA Security+ CE, 2023
ITIL V3, 2015
PROFESSIONAL EXPERIENCE
Worldwide Flight Services (WFS) 01/2024 – Present
Cyber Security Analyst
Monitor and investigate security alerts across North America and EMEA, triaging and responding to potential threats in a timely manner
Provide consistent security coverage, including after-hours support when needed to maintain operational continuity
Manage and track security incidents through ThreatSpike, ensuring proper escalation, documentation, and follow-through
Investigate XDR alerts by analyzing endpoint, network, and identity telemetry to determine scope and impact
Perform root cause analysis using process trees and causality chains to understand how threats originated and propagated across systems
Analyze suspicious processes, command-line activity, registry changes, and network connections to identify indicators of compromise
Conduct deep-dive investigations into endpoint activity, including lateral movement, persistence mechanisms, and privilege escalation attempts
Correlate alerts across multiple tools (SIEM, EDR/XDR, email security, identity platforms) to build a complete picture of security incidents
Investigate identity-based threats within Entra ID, including suspicious sign-in activity, impossible travel events, atypical user behavior, and risky logins
Analyze authentication logs, conditional access policies, and MFA activity to identify potential account compromise or misuse
Respond to identity alerts by validating user activity, enforcing remediation actions, and coordinating account security measures
Work closely with regional IT teams to verify patching efforts and confirm decommissioning of end-of-life systems
Support Microsoft Sentinel by monitoring alerts, identifying gaps in coverage, and tuning detections to reduce false positives
Use automation and AI-supported features within security tools to help prioritize alerts, reduce noise, and improve response efficiency
Apply behavioral analysis and anomaly detection techniques to identify suspicious activity and reduce time to detection
Assist in refining detection logic using data trends and insights gathered from ongoing investigations
Create and maintain alert response templates for ThreatSpike and Microsoft Defender to standardize handling and improve consistency
Develop and document incident response processes, including event mapping for high-priority and recurring alerts
Write and maintain SOPs for common alerts and investigations to improve team efficiency and consistency
Perform threat hunting activities using known indicators, threat intelligence, and environmental baselines to proactively identify risks
Analyze phishing emails in a sandbox environment, including those with malicious attachments, links, and QR codes
Partner with engineering and security teams to improve visibility, close detection gaps, and strengthen monitoring capabilities
Train and mentor junior analysts and new hires, providing hands-on support and guidance during onboarding
Help onboard new and senior team members by walking them through tools, processes, and day-to-day operations
Identify gaps in current workflows and suggest improvements, including opportunities to automate repetitive tasks
Stay current with emerging trends, including practical uses of AI in security operations, and apply them where they add value
Cleveland Clinic 01/2019 – 12/2023
SOC Analyst
Monitored security events across clinical and corporate systems, maintaining visibility into threats that could impact patient care and hospital operations
Triaged alerts from SIEM, EDR, DLP, and network security tools, validating true positives and driving appropriate escalation based on risk and impact
Investigated suspicious activity across endpoints, servers, and user accounts, with a strong focus on protecting PHI and other sensitive healthcare data
Led incident response activities, including containment and remediation actions such as host isolation, account lockdowns, and coordination with IT and clinical teams
Performed deep log analysis across Windows systems, network devices, and security platforms to identify anomalies and indicators of compromise
Conducted phishing investigations targeting hospital staff, analyzing email headers, attachments, and links to determine intent and scope
Worked extensively with DLP controls to monitor, investigate, and prevent unauthorized data exfiltration across endpoints, email, and cloud platforms
Reviewed and responded to data loss incidents, validating user intent and coordinating remediation with business and compliance teams
Utilized AI-driven security tools, including Cyberhaven, to detect abnormal data movement, insider risk, and sensitive data access patterns
Leveraged behavioral analytics and AI insights to prioritize alerts and uncover threats that may not be visible through traditional detection methods
Performed proactive threat hunting using threat intelligence, known indicators, and environmental baselines to identify hidden risks
Supported vulnerability management efforts by identifying exposed systems and partnering with infrastructure teams to track remediation
Collaborated with compliance, privacy, and clinical stakeholders to ensure security practices aligned with healthcare regulations and internal policies
Created and maintained SOPs and runbooks for common alert types, incident response procedures, and DLP investigations to improve team consistency
Documented incidents end-to-end, including timelines, root cause, and lessons learned, ensuring clear reporting to leadership and audit readiness
Assisted in tuning detection rules and improving use cases to reduce false positives and enhance overall SOC efficiency
Managed and administered security tools, including onboarding new log sources, maintaining integrations, and ensuring optimal performance and coverage
Participated in tool evaluations and contributed to implementation of new security capabilities, including AI-driven detection platforms
Provided on-call support and responded to high-priority incidents outside standard hours to maintain continuous security coverage
Mentored junior analysts and supported knowledge sharing across the team, helping improve investigation quality and response times
Identified gaps in monitoring and response workflows, recommending automation and process improvements to strengthen SOC operations
Ulta Beauty, Inc. 02/2017 – 12/2018
Cyber Security Analyst
Monitored enterprise security posture across retail, eCommerce, and corporate environments, ensuring visibility into threats impacting customer data, payment systems, and business operations
Reviewed and assessed alerts from SIEM, EDR, identity platforms, and cloud security tools, validating activity and prioritizing response based on business risk
Led investigations involving endpoint, network, and user activity, identifying suspicious behavior and determining potential impact to systems and data
Responded to security incidents from initial detection through containment and recovery, coordinating with IT, engineering, and business teams to minimize disruption
Analyzed authentication activity, access patterns, and privilege usage to identify misuse, account compromise, or unauthorized access attempts
Performed detailed log analysis across Windows, cloud services, and security platforms to uncover anomalies and confirm indicators of compromise
Investigated phishing attempts and social engineering activity targeting corporate users, validating intent and recommending remediation actions
Supported data protection efforts by monitoring sensitive data movement and investigating potential data loss scenarios across endpoints and cloud applications
Conducted proactive threat hunting using threat intelligence, behavioral patterns, and internal baselines to identify hidden or emerging threats
Contributed to improving detection capabilities by identifying gaps, refining use cases, and tuning alert logic to reduce noise and improve accuracy
Maintained clear and consistent documentation of investigations, including timelines, findings, and response actions for reporting and audit purposes
Worked closely with cross-functional teams to strengthen security controls, improve visibility, and support ongoing security initiatives
Assisted in managing and optimizing security tools, ensuring proper integrations, coverage, and performance across the environment
Developed and updated internal procedures and playbooks to support consistent handling of alerts and incidents across the team
Participated in efforts to streamline workflows, including identifying opportunities for automation and improving overall response efficiency
Stayed current on evolving threats, attack techniques, and security technologies, applying practical knowledge to day-to-day operations
REFERENCES
Available Upon Request