Bilal Frasni

SOC Analyst N3 specializing in the investigation and processing of cybersecurity incidents in Microsoft 365, Exchange Online, Entra ID, and user endpoint environments.

I handle incidents related to phishing, account compromises, suspicious logins, malicious links, EDR alerts, abnormal email behavior, and suspected identity theft.

My responsibilities include alert qualification, Microsoft 365 / Entra ID / Exchange Online log analysis, event correlation, identification of indicators of compromise, and implementation of remediation actions: password resets, session/token revocation, blocking malicious URLs, and security recommendations.

I also perform technical analysis of fraudulent emails: headers, links, domains, attachments, SPF/DKIM/DMARC, and indicator reputation using threat intelligence sources.

In parallel, I contribute to the continuous improvement of the SOC through the creation of Elastic/Kibana queries and dashboards, KPI monitoring, ticket categorization, and standardization of analysis procedures.

I also develop internal SOC-oriented automations, particularly to facilitate log analysis, incident response assistance, alert enrichment, and report generation using scripts, workflows, and AI-integrated tools.

Environment: Microsoft 365, Entra ID, Exchange Online, Defender for Office 365, Bitdefender EDR, Elastic/Kibana, Retarus, VirusTotal, Snowflake, DNS, SPF/DKIM/DMARC, threat intelligence, SOC automation, AI applied to cyber analysis.

SOC Analyst N1/N2 (work-study program). I participated in the supervision, qualification, and processing of security alerts in a SOC environment.

My responsibilities primarily involved analyzing suspicious events, qualifying incidents, tracking security tickets, and contributing to initial response actions. I worked on topics related to detection, event correlation, incident documentation, and improvement of SOC operating procedures.

I specifically used Microsoft Sentinel for security monitoring, event correlation, incident tracking, and improving detection capabilities. I contributed to the creation and adaptation of alert rules, workflows, and playbooks to automate certain incident processing steps.

These automations facilitated triage, alert enrichment, notification, escalation, and standardization of incident responses. The goal was to improve SOC responsiveness, reduce repetitive manual actions, and ensure reliable operational alert processing.

I also participated in procedure documentation, cybersecurity watch, and continuous improvement of detection and incident response practices.

Environment: Microsoft Sentinel, alert rules, Sentinel incidents, playbooks, workflows, SOC automation, alert analysis, triage, event correlation, documentation, incident response.