
TEYMUR
L1 SOC Analyst - Incident Monitoring & Response
Male, 28 y/o
Job category: Network/Information Security, Network Engineer
Lives in: Azerbaijan
Nationality: Azerbaijan
Summary
SOC analyst with 4+ years of Blue Team experience in a PCI-DSS-regulated bank. Handle 200+ security alerts per shift across IBM QRadar (SIEM), Cortex XDR, Trend Micro Deep Security, IBM Guardium and Forcepoint DLP; investigate phishing, malware, brute-force, lateral movement and data exfiltration, mapping alerts to MITRE ATT&CK and escalating with full evidence and IOCs. Hands-on with Azure and AWS audit logs. CompTIA CASP+ and CySA+ certified. Open to roles in China with work-visa sponsorship (any role considered) or remote security positions.
Work experience
L1 SOC Analyst - Incident Monitoring & Response
PASHA Bank OJSC, 2021.07-Current (5 years)
One of the largest commercial banks in Azerbaijan. 16-person SOC organization (L1/L2 analysts, security engineers, team leads) operating 24/7 with single-analyst rotating shift coverage.
• Independently handle 200+ security alerts per morning shift as the sole on-shift analyst, maintaining an average response time under 4 minutes and meeting SLA targets without team support during shift hours.
• Triage and investigate incidents across the full enterprise security stack: IBM QRadar (primary SIEM), Cortex XDR (EDR), Trend Micro Deep Security (anti-malware, DDI sandbox), IBM Guardium (database activity monitoring), Forcepoint DLP, and FortiGate / Palo Alto firewalls.
• Work with alerts mapped to the MITRE ATT&CK framework across multiple tactic categories — Initial Access, Execution, Credential Access, Discovery, Lateral Movement, Defense Evasion, and Exfiltration — enabling threat-informed prioritization.
• Investigate phishing emails, malicious artifacts, suspicious domains, and IP reputation using OSINT, X-Force Threat Intelligence, sandbox detonation, and internal tooling; deliver precise remediation recommendations based on full root-cause analysis.
• Operate against documented playbooks to ensure consistent, repeatable response across the SOC; escalate qualified incidents to L2/L3 with comprehensive evidence, timelines, and IOCs.
• Review and triage PCI DSS-scoped alerts, supporting the bank's compliance posture and ensuring incidents affecting cardholder data environments receive priority handling.
• Monitor DLP, EPM, and database activity events to identify data exfiltration attempts, unauthorized access, insider risk indicators, and policy violations across the enterprise.
• Handle detections across hybrid cloud environments — Azure (Entra ID, sign-in logs, conditional access), AWS, and GitHub — including impossible-traveler, privileged login, and configuration-change scenarios.
• Onboard and mentor new SOC analysts joining the team — walking them through tooling, alert handling workflows, escalation procedures, and shift handover practices.
• Maintain detailed incident documentation in Jira and contribute to knowledge-base articles to reduce mean time to resolution (MTTR) and standardize response across shifts.
Educational experience
Georgian Technical University, Tbilisi, Georgia
Mining and Oil & Gas Technologies, 2015.09-2019.06 (4 years)
Bachelor of Science in Mining and Oil & Gas Technologies, Georgian Technical University.
Certificates
Cybersecurity Professional Bootcamp — HackerU (2021)
Cloud Computing Concepts — Skillsoft (2025)
SOC Level 2 Certificate — TryHackMe (2023)
CompTIA CySA+ — Cybersecurity Analyst (2024)
CompTIA SecurityX (CASP+) — Advanced Security Practitioner (2026)