Rahul M

Vancouver, Canada

Summary

Cybersecurity Analyst with over 3 years of progressive experience across 24x7 SOC environments, enterprise incident response, and secure software development. Skilled in using Microsoft Sentinel, Splunk, Defender for Endpoint, and QRadar to detect, investigate, and respond to cyber threats. Experienced in threat hunting, log correlation, IOC analysis, and endpoint/network monitoring using MITRE ATT&CK framework. Demonstrates strong communication skills through regular reporting and customer interactions, with a proven ability to provide actionable recommendations and reduce incident dwell time. Adept at working in high-pressure, on-call environments and continuously improving detection capabilities. Holds a Master’s in Applied Computer Science and certifications including Security+, Microsoft SC-200, and Azure Fundamentals.

Overview

4 years of professional experience
1 Certification

Work History

Cyber Security Analyst

Central 1
08.2024 - Current
  • Investigate and analyze logs from endpoints, servers, and firewalls using Microsoft Sentinel and Defender for Endpoint to detect obfuscation techniques, persistence mechanisms, and privilege escalation attempts.
  • Actively respond to customer-specific cyber threats and incidents, ensuring containment, eradication, and communication of RCA reports with remediation guidance.
  • Collaborate with customer IT/security teams via ServiceNow and Slack to follow up on incidents, confirm resolution status, and provide actionable recommendations for hardening.
  • Perform Windows event log analysis (IDs 4624, 4688, 4769, 4720) and Linux syslog reviews to trace threat paths and validate security alerts.
  • Conduct weekly threat hunts leveraging MITRE ATT&CK and IOC watchlists to identify potential threats that bypass signature-based defenses.
  • Participate in SOAR playbook development and testing to automate alert enrichment, IP blocking, and endpoint containment actions, reducing analyst response time by 30%.
  • Track vulnerability findings from Nessus and Qualys, confirm patch application via PowerShell queries or config checks, and report on closure metrics.
  • Develop custom KQL queries to improve threat visibility and reduce noise from false positives by over 20%.
  • Document threat investigations and escalate findings with business impact analysis to customer executives and security teams.
  • Provide out-of-hours support on a rotation basis (nights/weekends), ensuring timely triage and response within a 24x7 MDR model.

Risk and SOC Level 1 Analyst

Innovcentric
09.2022 - 04.2023
  • Managed day-to-day monitoring and triage within a 24x7 SOC using Splunk and QRadar, supporting over 100 customer assets including endpoints, proxies, and cloud connectors.
  • Investigated alerts related to phishing, account compromise, and lateral movement using IOC feeds and MITRE-aligned playbooks.
  • Created correlation rules to identify patterns of suspicious user behavior, RDP brute-force attempts, and repeated logon failures, increasing detection rates for internal threats.
  • Interfaced with clients through incident reports and collaborative sessions to explain incident scope, RCA, and continuous improvement suggestions.
  • Validated authentication anomalies by analyzing VPN, AD, and Duo/MFA logs across multi-site environments.
  • Mapped events to MITRE ATT&CK techniques and supported use case expansion efforts during tuning sessions.
  • Assisted compliance teams in collecting and archiving logs for PCI DSS readiness and coordinated with internal GRC stakeholders.
  • Authored and updated standard playbooks for phishing, malware, and privilege misuse cases to streamline shift transitions and junior analyst training.
  • Participated in daily shift handovers and peer reviews, helping maintain operational consistency and situational awareness.
  • Provided weekend on-call support and handled high-priority alerts under limited supervision with SLA-focused resolution.

Software Engineer

NCR Corporation
02.2021 - 08.2022
  • Developed secure banking applications in Java (Spring Boot) with built-in audit logging and RBAC, enhancing traceability of sensitive actions.
  • Integrated log output with Splunk and custom dashboards to support SOC detection of anomalous activities such as abnormal session lengths or unauthorized updates.
  • Automated the processing of log data using Python and PowerShell, supporting internal IT security with quick triage scripts for IOC lookups and basic regex matching.
  • Queried PostgreSQL and SQL Server databases to validate transaction records and verify access history during internal reviews.
  • Assisted in patch management by deploying and validating CVE mitigations, coordinating with QA for regression testing.
  • Reviewed and maintained Group Policy objects in AD for dev and QA environments, enforcing least privilege principles.
  • Deployed applications in Docker containers, aligning with secure SDLC and DevSecOps practices.
  • Shadowed SOC engineers on SIEM rule configuration, gaining exposure to detection logic and event normalization.
  • Authored SOPs for secure deployment, event log validation, and troubleshooting high-volume API endpoints.
  • Participated in security training and workshops, enhancing knowledge of Windows hardening, authentication flows, and OWASP practices.

Education

Master of Science - Applied Computer Science

Fairleigh Dickinson University
Vancouver, BC
07.2024

Skills

  • SIEM Tools: Microsoft Sentinel, Splunk, IBM QRadar
  • EDR & Endpoint Security: Microsoft Defender for Endpoint, CrowdStrike Falcon, McAfee (VSE, HIPS, HDLP)
  • Vulnerability & Risk Tools: Qualys, Nessus, GRC Archer, PCI DSS
  • IDS/IPS & VPN: Cisco IDS, McAfee IPS, FortiClient VPN
  • Firewall: CheckPoint NGFW
  • Detection & Response: MITRE ATT&CK, Cyber Kill Chain, IOC Analysis, SOAR Workflow Execution
  • Penetration Testing: Kali Linux, Nmap, Wireshark, OWASP ZAP, Metasploit
  • OS Platforms: Windows Server/Workstation, Linux (Ubuntu, CentOS), UNIX, macOS
  • Networking: TCP/IP, DNS, DHCP, VLANs, SMTP, HTTP/S, FTP, POP, LDAP, IPv4/IPv6, Routing, Switching
  • Scripting & Development: Python, PowerShell, Java (Spring Boot), SQL (PostgreSQL, SQL Server)
  • Cloud & Productivity: Microsoft Azure, Excel, Word, PowerPoint, SharePoint, Outlook
  • Access Management: Active Directory, Group Policy, Role-Based Access Control (RBAC)

Certification

  • CompTIA Security+
  • Microsoft Certified: Security Operations Analyst Associate (SC-200)

Additional Details

  • Participated in national-level hackathons, including the NCR Hackathon and Smart India Hackathon, gaining exposure to innovative technical solutions.
  • Volunteered as a mentor in coding and cybersecurity workshops, guiding students and peers on secure development and SOC fundamentals.
  • Stay updated on emerging threats and cybersecurity trends by following CrowdStrike threat reports, CISA alerts, SonarSource vulnerability disclosures, and MITRE ATT&CK updates.
  • Actively monitor LinkedIn feeds, Reddit communities, and blogs from BleepingComputer and other security research groups.
  • Participate in CTF challenges on platforms like Hack The Box, and engage in SOC knowledge-sharing sessions to build practical detection and response skills.
