>_Bilal Mahmud

Aspiring SOC Analyst defending enterprises against evolving threats — triaging alerts, hunting adversaries through logs, and turning telemetry into decisive incident response.

status: available for engagements

Defending Systems, responsibly.

Passionate about defending organisations against adversaries through threat monitoring, incident response, and security analysis — focused on identifying and containing risks before they cause harm.

About

//Security-first thinking, intelligence-driven defence.

An aspiring SOC Analyst with four years supporting enterprise Windows and macOS environments, now specialising in threat detection and incident response. I triage alerts, analyse logs, and escalate using SIEM and EDR workflows mapped to MITRE ATT&CK — with strong SLA-driven ticketing discipline.

Comfortable with Microsoft Defender for Endpoint, Event Viewer, O365 / Azure sign-in logs, Wireshark, and KQL / SPL basics. I isolate endpoints, collect evidence, and write clear incident reports — bringing a service-desk mindset to reduce false positives and improve MTTD / MTTR across the SOC.

  • 4+ years IT experience
  • 3 certifications
  • 20+ incidents triaged
  • MITRE ATT&CK aligned

Experience

//Where I've worked & what I've built.

Sep 2025 – Dec 2025

Cyber Security Practitioner

CAPSLOCK · Remote

  • Completed CIISec/CREST-accredited SOC bootcamp covering incident response, GRC, forensics, and offensive security.
  • Built and tuned SIEM detections in Microsoft Sentinel and Splunk; investigated alerts via KQL/SPL and mapped findings to MITRE ATT&CK.
  • Led incident handling end-to-end: triage, containment, evidence collection, MTTD/MTTR improvement.
  • Practiced vulnerability assessment, remediation, and ISO 27001 / SOC 2 alignment.

Sep 2021 – Sep 2025

IT Technician

Harris Federation · London

  • Monitored and triaged SIEM/EDR alerts, correlating Windows / O365 / Azure data; managed tickets in Halo ITSM with MITRE ATT&CK playbooks.
  • Drove SLA-based incident handling: classified severity, contained endpoints via isolation/quarantine, coordinated with L3 and engineering.
  • Performed root-cause analysis on recurring incidents and produced corrective actions and workarounds.
  • Tuned detection rules to reduce false positives and improve overall SOC signal quality.

Nov 2017 – Aug 2020

Customer Advisor

Argos · London

  • Front-line support across phone and in-person channels; resolved escalations within SLA targets.
  • Reconciled shortages and discrepancies with suppliers, producing audit-ready documentation.

Technical Skills

//Tools I work with.

SIEM & Detection

  • Microsoft Sentinel
  • Splunk
  • KQL
  • SPL
  • Log Correlation

EDR & Endpoint

  • Microsoft Defender for Endpoint
  • Host Isolation
  • Event Viewer
  • Endpoint Forensics

Cloud & Identity

  • Azure Security
  • Entra ID Sign-in Logs
  • O365
  • Conditional Access

Network Analysis

  • Wireshark
  • IDS / IPS basics
  • Firewall Log Review
  • TCP/IP

Frameworks

  • MITRE ATT&CK
  • NIST CSF
  • ISO 27001
  • SOC 2

Operations

  • Incident Response
  • SLA-driven Ticketing (Halo)
  • Root Cause Analysis
  • Playbook Authoring
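
The log correlation, false-positive tuning and MTTD / MTTR work listed above, as an added Python example rather than code from this portfolio: it joins constructed Entra ID sign-in records with constructed Defender for Endpoint alerts on user within a 15-minute window, flags allow-listed matches instead of silently dropping them, carries each alert's ATT&CK technique ID into the case record, derives a severity from the sign-in context, and computes MTTD / MTTR from constructed event, detection and containment timestamps. The field names, the allow-list, the home-country set and every record are assumptions made for illustration.

```python
"""Added example (not this portfolio's own code): join sign-in telemetry with EDR
alerts, apply a tuning allow-list, keep the ATT&CK technique each alert carries,
and compute MTTD / MTTR. All records below are constructed sample data."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Constructed Entra ID sign-in records (simplified field names, UTC timestamps).
SIGNINS = [
    {"ts": "2025-10-02T08:55:00", "user": "alice", "ip": "203.0.113.10", "country": "GB", "result": "success"},
    {"ts": "2025-10-02T09:01:00", "user": "bob",   "ip": "198.51.100.7", "country": "RO", "result": "success"},
    {"ts": "2025-10-02T09:05:00", "user": "carol", "ip": "203.0.113.11", "country": "GB", "result": "failure"},
    {"ts": "2025-10-02T09:40:00", "user": "bob",   "ip": "198.51.100.7", "country": "RO", "result": "success"},
]
# Constructed Defender for Endpoint alerts; "technique" is the ATT&CK ID the alert is tagged with.
ALERTS = [
    {"ts": "2025-10-02T09:04:00", "host": "LT-0421", "user": "bob",   "title": "Suspicious PowerShell download cradle", "technique": "T1059.001"},
    {"ts": "2025-10-02T09:06:00", "host": "LT-0118", "user": "alice", "title": "Remote admin tool execution",         "technique": "T1219"},
    {"ts": "2025-10-02T13:00:00", "host": "LT-0333", "user": "dave",  "title": "Credential dumping attempt",          "technique": "T1003"},
]
# Tuning allow-list (constructed): (user, alert title) pairs an analyst has verified as expected.
ALLOWLIST = {("alice", "Remote admin tool execution")}
HOME_COUNTRIES = frozenset({"GB"})   # assumption: where this tenant's users normally sign in from
WINDOW = timedelta(minutes=15)       # how far back from an alert to look for a sign-in


def _t(s: str) -> datetime:
    return datetime.fromisoformat(s)


@dataclass
class Case:
    alert_ts: datetime
    user: str
    host: str
    title: str
    technique: str
    signin_ip: Optional[str]
    signin_country: Optional[str]
    suppressed: bool


def correlate(signins, alerts, allowlist=ALLOWLIST, window=WINDOW):
    """Attach to each alert the most recent successful sign-in by the same user
    within `window` before the alert. Allow-listed alerts are kept and flagged
    rather than dropped, so tuning decisions remain visible in the case record."""
    cases = []
    for a in alerts:
        ats = _t(a["ts"])
        best = None
        for s in signins:
            sts = _t(s["ts"])
            in_window = timedelta(0) <= ats - sts <= window
            if s["user"] == a["user"] and s["result"] == "success" and in_window:
                if best is None or sts > _t(best["ts"]):
                    best = s
        cases.append(Case(
            alert_ts=ats, user=a["user"], host=a["host"], title=a["title"],
            technique=a["technique"],
            signin_ip=best["ip"] if best else None,
            signin_country=best["country"] if best else None,
            suppressed=(a["user"], a["title"]) in allowlist,
        ))
    return cases


def triage(case: Case, home_countries=HOME_COUNTRIES) -> str:
    """Severity from the correlated context: a suppressed alert is informational;
    an alert preceded by a sign-in from outside the home countries is high;
    anything else still needs an analyst look and is medium."""
    if case.suppressed:
        return "informational"
    if case.signin_country is not None and case.signin_country not in home_countries:
        return "high"
    return "medium"


# Constructed case timeline: (first malicious event, detection, containment such as host isolation).
TIMELINE = [
    ("2025-10-02T09:01:00", "2025-10-02T09:04:00", "2025-10-02T09:20:00"),
    ("2025-10-02T12:50:00", "2025-10-02T13:00:00", "2025-10-02T13:45:00"),
]


def mean_times(timeline):
    """MTTD = mean(detected - first event); MTTR = mean(contained - detected), in minutes."""
    detect = [(_t(d) - _t(e)).total_seconds() / 60 for e, d, _ in timeline]
    respond = [(_t(c) - _t(d)).total_seconds() / 60 for _, d, c in timeline]
    return sum(detect) / len(detect), sum(respond) / len(respond)


if __name__ == "__main__":
    for c in correlate(SIGNINS, ALERTS):
        print(f"{c.alert_ts:%H:%M} {c.user:<6} {c.host} {c.technique:<9} {triage(c):<13} {c.title}")
    mttd, mttr = mean_times(TIMELINE)
    print(f"MTTD {mttd:.1f} min, MTTR {mttr:.1f} min")
```

In a real SOC the same time-bounded join on user would be written as a KQL or SPL query against the SIEM's sign-in and alert tables rather than in Python; the parts worth carrying over are the bounded lookback window, the allow-list that marks rather than deletes, and the severity decision that uses sign-in context instead of the alert title alone.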

Certifications

//Validated expertise & credentials.

Contact

Let's work together.

Open to SOC Analyst, Cyber Defence, and Incident Response roles. Based in South West London — available across the UK & remote.