Talha Majeed Khan
SOC Engineer Security Automation Threat Detection & Response
************@*******.*** | LinkedIn | CompTIA Security+ Certified (SY0-701) | Parlin, NJ (Open for Relocation)
PROFESSIONAL SUMMARY
Security-focused SOC Engineer with hands-on experience building and improving security operations workflows across SIEM, EDR, and vulnerability management platforms. Skilled in automating alert triage, streamlining remediation workflows, integrating security tooling, and improving detection coverage across enterprise Windows and Linux environments. Experienced with Splunk, Microsoft Sentinel, CrowdStrike Falcon, and Microsoft Defender for Endpoint, with a strong engineering foundation in Python, REST APIs, and automation scripting. Adept at reducing manual investigation effort, tuning detections, and supporting incident response operations at scale. CompTIA Security+ certified with a B.S. in Computer Science.
TOOLS & TECHNOLOGIES
SIEM / Detection: Splunk, Microsoft Sentinel, IBM QRadar
Endpoint Security: CrowdStrike Falcon, Microsoft Defender for Endpoint, Carbon Black
Automation / Scripting: Python, REST APIs, Flask, Git, Docker
Vulnerability Management: Nessus, Qualys, OpenVAS
Ticketing / ITSM: ServiceNow
Network / Security Tools: Nmap, Wireshark, Burp Suite, Metasploit
Frameworks: MITRE ATT&CK, NIST CSF, CVE/CVSS, CIS Controls, Zero Trust
Cloud / Identity: Microsoft Azure, RSA MFA
Operating Systems: Windows Server, Linux (Ubuntu/CentOS)
Other: Java, JavaScript, Oracle SQL, PL/SQL, Python, C++
PROFESSIONAL EXPERIENCE
SOC & Vulnerability Analyst DefendIT Security Oct 2025 – Present
• Engineered and improved security alert triage workflows in Splunk and Microsoft Sentinel, reducing analyst investigation time and improving response consistency for brute-force, privilege escalation, and lateral movement alerts.
• Automated alert enrichment and remediation routing workflows using ServiceNow, accelerating incident assignment and reducing manual triage effort.
• Tuned CrowdStrike Falcon and Microsoft Defender for Endpoint policies to improve detection fidelity and reduce false positives across enterprise endpoints.
• Integrated vulnerability findings from Nessus and Qualys into remediation workflows, prioritizing critical CVEs based on severity, exploitability, and MITRE ATT&CK mapping.
• Developed repeatable processes for IOC validation, incident enrichment, and escalation, improving MTTD and analyst efficiency.
• Enforced endpoint security controls including AES-256 encryption, firewall hardening, and endpoint policy tuning to strengthen enterprise defense posture.
• Validated remediation actions and coordinated SLA-based vulnerability closure using ServiceNow workflows.
Cybersecurity Consultant Rogue Armor Dec 2024 – Oct 2025
• Delivered vulnerability assessment and remediation programs using Nessus and OpenVAS, improving visibility into exploitable risks across client environments.
• Automated remediation tracking workflows and standardized reporting processes, reducing manual remediation coordination.
• Supported endpoint detection and response deployment initiatives, improving security visibility and alert coverage across managed systems.
• Participated in malware incident triage and endpoint isolation efforts, supporting containment and investigation activities triggered by EDR alerts.
• Tuned endpoint security policies to improve signal-to-noise ratio and strengthen preventative controls.
• Implemented endpoint hardening measures including USB restrictions, encryption enforcement, and password policy controls.
Oracle Technical Consultant PwC Sep 2024 – Sep 2025
• Built secure enterprise applications and REST API integrations, improving automation and secure data exchange between internal systems.
• Developed PL/SQL packages and backend integrations supporting scalable enterprise workflows and secure access control.
Software Developer Intern JobDiva Inc. Jul 2023 – Aug 2023
• Built automation features for enterprise SaaS workflows, including report scheduling and backend process improvements.
• Developed Java and JavaScript production enhancements in Agile environments, improving system efficiency and workflow automation.
SECURITY PROJECTS
SOC Automation & Threat Monitoring Lab
• Built a home lab using Splunk to simulate brute-force, malware, and lateral movement attacks.
• Developed alert triage workflows for IOC enrichment, investigation, and escalation based on MITRE ATT&CK techniques.
• Automated portions of the investigation workflow using Python scripts to improve alert context visibility.
Vulnerability Management Automation Lab
• Automated vulnerability scan parsing and remediation prioritization workflows using Nessus outputs and severity-based logic.
• Validated remediation effectiveness and tracked SLA closure metrics for identified vulnerabilities.
CERTIFICATIONS
CompTIA Security+ CE (SY0-701) — Active
EDUCATION
Bachelor of Science in Computer Science
National University of Sciences and Technology (NUST) May 2024