Overview
Introduction
Hello! I'm Muhammad Rafay Ali, a Cyber Security Engineer with 2+ years of hands-on experience in SOC operations, SIEM engineering, threat detection, incident response, and security hardening. Deployed and tuned security platforms across multi-server enterprise environments, cutting undetected threat windows by 35% and false positive rates by 45%.
I specialize in SOC Operations, SIEM Engineering, and Threat Detection & Response, with expertise in ISO 27001, NCA-ECC, CIS Benchmarks, and MITRE ATT&CK frameworks.
Actively sharpening offensive and defensive skills through TryHackMe and continuous lab-based research, translating attack techniques into practical detection and response strategies. Certified in ISO/IEC 27001 Lead Auditor, ISC2 CC, SOC Foundations, and Google Cybersecurity Professional programs. Seeking to deliver managed security excellence in SOC/MSSP environments.
"Let's collaborate to bring your secure infrastructure to life!"
Work Experience
Cyber Security Engineer
Encbit
- Managed Wazuh SIEM deployments across 5+ client environments, authoring 15+ custom detection rules and decoders that improved log ingestion accuracy by 30% across 50+ monitored assets.
- Conducted OSINT-driven attack surface analysis using Google Dorking, WHOIS, and Shodan, identifying and coordinating remediation for 10+ exposed assets while triaging 200+ daily security events.
- Maintained continuous offensive/defensive research through TryHackMe labs and MITRE ATT&CK-grounded techniques, directly informing real-world detection engineering decisions.
Cyber Security Analyst
Cyber Silo
- Engineered custom SIEM detection rules and log parsers on Wazuh and ThreatHawk, increasing detection fidelity by 40% while resolving agent misconfigurations to restore 99% log integrity.
- Automated compliance mapping workflows by correlating ISO 27001, NCA-ECC, and SAMA controls via Python scripting, cutting manual alignment effort by 60% and building CIS hardening templates for FortiGate, Cisco, and pfSense firewalls.
- Validated threat detection coverage by simulating 20+ MITRE ATT&CK scenarios via Atomic Red Team, verifying rule accuracy and identifying critical coverage gaps across monitored infrastructure.
SOC Analyst
Cyber Silo (Client: Allama Iqbal Open University)
- Spearheaded SIEM deployment across 30+ servers and endpoints, managing Wazuh EDR with MITRE ATT&CK-mapped rules to close 35% of previously unmonitored attack surfaces.
- Reduced false positives by 45% through systematic rule optimization and threat intelligence alignment, while performing real-time IOC analysis, log correlation, and root cause analysis across all telemetry sources.
- Designed incident response playbooks for containment, remediation, and escalation workflows, cutting MTTR from 30+ minutes to under 10 minutes across the monitored environment.
Academic Background
BS Computer Science
Technical Skills
- SIEM & SOC: Threat Detection & Response
- Offensive Security: VAPT & Exploitation
- OS & Cloud: Infrastructure & Hardening
- Governance: GRC & Standards
- Security Ops: IR & Engineering
- Automation: Scripting & DevOps
Professional Certifications
- Certified in Cybersecurity (CC) (ISC2, 2024)
- ISO/IEC 27001:2022 Lead Auditor (MasterMind, 2025)
- SOC Analyst Foundation (SIEM XPERT, 2024)
- Cybersecurity Specialization (Google, 2023)
- Security Analyst Fundamentals (IBM, 2023)
- ISO/IEC 27001:2022 Information Security Associate (SKILLFRONT, 2024)
- Ethical Hacking & Penetration Testing (Udemy, 2023)
- Linux 100 (TCM Security, 2024)
- Active Lab Profile | Red/Blue Team Practice (TryHackMe, 2019 - Present)
Featured Projects
Active Directory Attack Simulation & Hardening
Emulated post-exploitation techniques in a Windows AD lab using Atomic Red Team, Mimikatz, and PowerShell. Integrated Wazuh SIEM to detect 20+ MITRE-mapped TTPs and performed CIS-based hardening, achieving 80% compliance improvement.
ThreatHawk SIEM Deployment & Custom Detection Engineering
Deployed ThreatHawk and Wazuh SIEM across multi-vendor enterprise environments. Built 30+ custom detection rules and log parsers for Huawei routers, WatchGuard firewalls, TrendMicro EDR, CrowdStrike, and spyware/grayware events. Reduced false positives by 45% through systematic rule tuning.
GCC Compliance Mapping Automation
Built a compliance mapping framework with Python scripts that cross-reference ISO 27001 controls against NCA ECC, SAMA CSF, ADHICS, PDPL, UAE IA, and Bahrain NCSC. Scripts auto-detect existing ISO controls in rules and append matched regional framework controls from a master spreadsheet, cutting manual mapping effort by 60%.
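The mapping step described above, as an added example (not the project's own scripts): it scans a SIEM rule's group string for ISO 27001 control tags, looks each one up in a master sheet, and appends the matched regional-framework tags without duplicating tags already present. The tag format `iso27001_<control>`, the CSV layout of the master sheet, and every control identifier below are assumptions constructed for the example, not a published crosswalk.

```python
"""Append regional-framework compliance tags to SIEM rule group strings
based on the ISO 27001 controls the rule already carries.

Example code added to this page; not the project's own scripts.  The master
sheet, group strings and control identifiers are constructed sample data.
"""
import csv
import io
import re

# Assumption: ISO controls appear in a rule's group string as
# "iso27001_<control>", e.g. "iso27001_A.8.15".
ISO_TAG = re.compile(r"\biso27001_(A\.\d+(?:\.\d+)*)\b")

# Constructed stand-in for the master spreadsheet: one row per ISO control,
# one column per regional framework, several controls separated by ';'.
MASTER_CSV = """iso27001,nca_ecc,sama_csf
A.8.15,2-12-1;2-12-3,3.3.14
A.8.16,2-12-1,3.3.14;3.3.15
A.5.24,2-13-1,3.3.16
"""


def load_master(csv_text):
    """Parse the master sheet into {iso_control: {framework: [controls]}}."""
    mapping = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        iso = row.pop("iso27001").strip()
        mapping[iso] = {
            framework: [c.strip() for c in cells.split(";") if c.strip()]
            for framework, cells in row.items()
        }
    return mapping


def map_groups(group_str, mapping):
    """Return (new_group_str, unmapped_iso_controls).

    Regional tags are emitted as "<framework>_<control>" and appended after
    the existing tags.  Tags already present are left alone so the function
    can be re-run safely, and ISO controls missing from the master sheet are
    reported rather than silently skipped, so coverage gaps stay visible.
    """
    tags = [t for t in group_str.split(",") if t]
    present = set(tags)
    unmapped = []
    for iso in ISO_TAG.findall(group_str):
        row = mapping.get(iso)
        if row is None:
            unmapped.append(iso)
            continue
        for framework, controls in row.items():
            for control in controls:
                tag = f"{framework}_{control}"
                if tag not in present:
                    tags.append(tag)
                    present.add(tag)
    # Trailing comma matches the Wazuh-style group list convention.
    return ",".join(tags) + ",", unmapped


if __name__ == "__main__":
    master = load_master(MASTER_CSV)
    # Constructed sample rules: one fully mappable, one partly pre-tagged,
    # one referencing a control the master sheet does not know.
    for groups in (
        "sysmon,iso27001_A.8.15,",
        "iso27001_A.8.15,iso27001_A.8.16,nca_ecc_2-12-1,",
        "iso27001_A.9.9,",
    ):
        new_groups, missing = map_groups(groups, master)
        print(new_groups, "| unmapped:", missing)
```

In practice the same function is applied to the text of each `<group>` element in a rules file; reporting the unmapped controls at the end of a run is what turns the script from a tagger into a coverage check.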
NoxShield SIEM
Full-featured security operations dashboard with live Wazuh API integration, geolocation attack maps, MITRE ATT&CK visualization, and compliance tracking (PCI-DSS, HIPAA, NIST). Backed by SQLite with auto-refreshing data pipelines.
Multi-Sensor Intrusion Detection IoT
IoT security solution using ESP32, motion/gas/fire sensors, and ESP32-CAM. Engineered a Flutter + Firebase mobile app for real-time alerts, improving response time by 60%.
Get In Touch
Let's Connect
I'm open to discussing SOC operations, SIEM engineering opportunities, and security consultation.