Darwin Panganiban
Angeles City
Summary
Experienced SOC Analyst skilled in security monitoring, incident response, and threat analysis using SIEM and EDR. Expertise in handling account compromises, triaging alerts, investigating threats, and enhancing detection through rule tuning and playbook development.
Overview
6
6
years of professional experience
1
1
Certification
Work History
SOC Analyst II (Incident Response)
Thrive Networks Inc.
Angeles
08.2023 - Current
- Lead incident response and threat hunting activities for high-priority security incidents across a client base of 400+, ensuring timely containment, eradication, and recovery.
- Investigate security alerts escalated by SOC analysts using SIEM, EDR, IDS/IPS, and other telemetry sources; validate threats, eliminate false positives, and perform root-cause analysis.
- Develop, implement, and regularly update incident response playbooks to streamline triage, investigation, and remediation workflows.
- Conduct proactive threat intelligence gathering and analysis to detect emerging threats and improve detection capabilities.
- Collaborate with cross-functional teams to ensure alignment of response strategies with organizational security goals and compliance standards.
- Perform threat hunting and vulnerability analysis using internal threat intel and external advisories, identifying gaps and recommending mitigation measures.
- Monitor, analyze, and correlate events from SIEM, network logs, and host-based systems to assess the security posture of environments.
- Work with the Security Engineering team to propose new use cases and improve detection logic based on latest TTPs (Tactics, Techniques, and Procedures).
- Provide strategic recommendations to enhance security operations and reduce incident response times.
SOC Analyst I
Thrive Networks Inc.
Angeles City
07.2023 - 08.2023
- Monitored and analyzed security events using SIEM tools across 400+ clients, identifying and responding to cybersecurity threats and incidents in real-time.
- Investigated intrusion attempts, distinguished false positives, and conducted root-cause analysis of exploits to strengthen client defenses.
- Conducted vulnerability assessments and recommended remediation actions, enhancing client security postures.
- Supported and enforced internal and external security strategies, aligning with industry best practices and compliance standards.
- Delivered security awareness training programs to client end-users, promoting a culture of cybersecurity hygiene.
- Stayed up to date on emerging threats, continuously improving monitoring processes and incident response procedures.
- Worked with tools and technologies including IDS/IPS, EDR, content filtering, firewalls, antivirus, Windows/Linux systems, and email/web gateways.
- Demonstrated expertise in TCP/IP networking, application protocols (HTTP, SMTP, DNS), and system administration across multiple platforms.
Cybersecurity Analyst
dnata Travel (Emirates Group)
Angeles City
05.2021 - 07.2023
- Responded to and investigated security incidents reported by users (phone/email/tickets) or automatically triggered via EDR (Microsoft Defender ATP) and SIEM (Splunk) using ServiceNow.
- Analyzed and triaged malicious or phishing emails, escalating confirmed threats and improving detection rules.
- Managed and resolved multiple alerts, including brute-force attacks and potential unauthorized access attempts, within defined SLAs.
- Conducted retroactive network investigations using Indicators of Compromise (IOCs) and leveraged threat intelligence tools for deeper analysis.
- Tuned security alert configurations to reduce false positives and improve detection efficiency.
- Collaborated with IT support teams to remediate identified vulnerabilities across systems and endpoints.
- Worked cross-functionally with other departments to enhance SOC workflows and operational efficiency.
L2 Support/ Application Support Analyst
dnata Travel
Angeles City
10.2020 - 05.2021
- Provided L2 support for multiple business-critical travel applications, ensuring high availability and performance.
- Acted as a liaison between business units, IT groups, and third-party vendors via calls, chat platforms, email, and ticketing systems.
- Triaged and investigated incidents using internal knowledge bases and technical expertise, escalating major issues to development teams when needed.
- Coordinated testing activities in staging environments and collaborated with support teams to validate fixes and deployments.
- Sent internal broadcasts during major outages, ensuring timely communication across stakeholders.
- Maintained up-to-date documentation, including knowledge base articles, user guides, and operational trackers in Confluence and SharePoint.
IT Service Desk Engineer
dnata Travel
Angeles City
10.2019 - 10.2020
- Monitored infrastructure and system performance using various monitoring tools, providing first-level support when thresholds were breached or services were impacted.
- Triaged incidents, coordinated with internal teams and external vendors, and issued broadcast communications and status updates during outages until resolution.
- Maintained and regularly updated the Incident Management RACI matrix, SOPs, and business process documentation.
- Escalated risks and delays in incident resolution to the team lead, ensuring prompt attention and mitigation.
- Identified recurring issues and proposed improvements through user training, process enhancements, and automation initiatives.
- Performed administrative support tasks, including managing system configurations, master data setups, business rules, and user access controls.
Education
Bachelor of Science - Information Technology
Holy Angel University
Angeles City, Pampanga04-2013
Skills
- Incident response
- Threat hunting
- Security monitoring
- Threat intelligence
- Intrusion detection
- Endpoint security
- Root cause analysis
- Critical thinking and analysis
Security Tools & Technologies
- EDR: Microsoft Defender ATP, SentinelOne, and FortiEDR
- SIEM: Splunk, Microsoft Sentinel, and FortiSIEM
- Mimecast
- Avanan
- Binalyze
- Open CTI
- Zscaler
- DNSFilter
Certification
- Microsoft Azure Fundamentals Credential ID:99124080
- Foundation Level Threat Intelligence Analyst
References
References available upon request.
Timeline
SOC Analyst II (Incident Response)
Thrive Networks Inc.
08.2023 - Current
SOC Analyst I
Thrive Networks Inc.
07.2023 - 08.2023
Cybersecurity Analyst
dnata Travel (Emirates Group)
05.2021 - 07.2023
L2 Support/ Application Support Analyst
dnata Travel
10.2020 - 05.2021
IT Service Desk Engineer
dnata Travel
10.2019 - 10.2020
Bachelor of Science - Information Technology
Holy Angel University
Similar Profiles
Sach HetlandSach Hetland
Customer Service Representative at Thrive NetworksCustomer Service Representative at Thrive Networks
Christopher EugenioChristopher Eugenio
Technical Support Engineer at SouthTech / Thrive NetworksTechnical Support Engineer at SouthTech / Thrive Networks
Julianne SwettJulianne Swett
Call Center Representative at Thrive Networks IncorporatedCall Center Representative at Thrive Networks Incorporated
Fe ObsidFe Obsid
Customer Service (T-Mobile) at iQor PhilippinesCustomer Service (T-Mobile) at iQor Philippines
Phil Norman I. PinedaPhil Norman I. Pineda
Team Leader at The Card AssociationTeam Leader at The Card Association