Jawwad Syed Security Ops.
SOC analyst with deep enterprise experience in threat detection, incident investigation, and response. Currently building toward detection engineering and security automation roles where analysis translates directly into better coverage.
Hands-on work.
Built from real SOC experience. Each project reflects something I actually do, or wish existed, in day-to-day security operations work.
Practice triaging realistic security alerts across four difficulty levels. Make TP/FP decisions and get detailed analyst-level explanations for each scenario.
Three sanitised investigations from real SOC work: a phishing email that bypassed every filter, LOLBin execution via mshta.exe, and email bombing as a distraction during account compromise.
Look up IPs, domains, and file hashes against mock threat intelligence. Risk scoring, first/last seen timestamps, and related activity timelines to demonstrate the enrichment workflow.
Test your SOC knowledge across domains and difficulty levels. 48+ questions per bank with rotation, instant explanations, and a downloadable certificate of completion.
Representative Activity
Large Enterprise Environment
The stack I work in.
Not a certification list. These are the platforms and tools I use daily in a production enterprise environment.
Handle escalated alerts requiring deep analysis: process chain review, lateral movement checks, privilege escalation patterns, and multi-stage attack reconstruction. Building a complete picture of what happened, not just closing tickets.
Daily hands-on work in CrowdStrike Falcon and Microsoft Defender for Endpoint. Reviewing execution chains, isolating hosts, killing processes, and quarantining files at enterprise scale across 8,700+ endpoints.
End-to-end investigations using Proofpoint and Defender for O365: header analysis, link detonation, attachment sandboxing, user scope assessment, credential exposure checks, and coordinating bulk remediation.
Working with SIEM detection rules in Splunk and Sentinel to reduce false positive noise. Documenting where rules over-trigger or miss coverage. Contributing detection improvements aligned to MITRE ATT&CK.
Building Python and PowerShell scripts to automate repetitive investigation steps and IOC lookups. Producing written incident reports for escalated cases with clear timelines, affected scope, and remediation recommendations.
What I bring to the table.
I started in IT support, the kind of role where you develop a practical instinct for how systems actually behave under pressure. That foundation made the move into security operations a natural fit. I understand the infrastructure I'm defending, not just the alerts firing on top of it.
Over the past several years I've worked as a SOC analyst at enterprise scale: 8,700+ endpoints, 76,000+ alerts investigated, three different EDR platforms, two major SIEMs. That experience has built pattern recognition that doesn't come from courses or labs.
The work I'm focused on now sits upstream from triage: writing detection content that actually catches attackers rather than generating noise, building automation that removes manual steps from the investigation pipeline, and developing threat hunting capability that finds what the ruleset misses.
Where I'm focused
Senior SOC Analyst, Detection Engineer, Threat Hunter, Security Automation Engineer. Roles where deep investigation experience directly improves security posture.
IT roots, security trajectory
IT support to enterprise SOC. Built the infrastructure intuition first, then applied it to security. The combination is harder to find than either alone.
Enterprise scale
Retail enterprise: 8,700+ endpoints, high alert volume, mature security stack, cross-functional collaboration with IT, networking, and IR teams.
Google Cybersecurity Professional Certificate · CompTIA Security+ (in progress)
Let's talk.
If you're building a detection engineering team, scaling a SOC, or need someone who can bridge analysis and automation, reach out.