salsabil moumni
@salsabilmoumni
I’m an L1 SOC Analyst and cybersecurity engineer focused on incident response, alert triage, and detection improvements.
What I'm looking for
I’m an L1 SOC Analyst and cybersecurity engineer with hands-on experience in 24/7 security monitoring, alert handling, and initial triage of security events using SIEM and XDR platforms. I focus on assessing alert severity, documenting findings in ticketing systems, and escalating issues to Tier 2 teams using SOC runbooks and operational procedures.
At DefensyLab, I performed initial alert triage and handled 20–30 daily security alerts, investigating IOCs like malicious IPs, suspicious process trees, and phishing artifacts. I mapped confirmed threats to MITRE ATT&CK TTPs with full escalation documentation, and I helped reduce false positives by tuning KQL analytic rules based on recurring noise patterns.
I also built and automated security workflows—designing and deploying an MDR/SOC platform with Laravel, Vue.js, and Wazuh SIEM/XDR, and creating analyst dashboards for real-time log analysis and incident tracking. Through my security projects, I authored 15+ custom Azure Sentinel (KQL) detection rules and automated enrichment, IOC lookup, and containment using a SOAR pipeline (Wazuh, Shuffle, TheHive, Cortex).
I’m particularly motivated by improving detections and response capabilities. From penetration testing with tools like Nmap, Metasploit, Nessus, and SQLmap to AI-assisted phishing detection using Splunk, n8n, and a GPT API, I bring a practical, continuous-learning mindset—backed by SOC-focused certifications and my AZ-500 work in progress.
Experience
Work history, roles, and key accomplishments
SOC Analyst (Part-Time)
DefensyLab
May 2025 - Sep 2025 (4 months)
Handled initial triage and escalation of 20–30 daily security alerts in a 24/7 SOC, assessing severity and business impact. Tuned KQL analytic rules to reduce false positives by an estimated 20% and mapped confirmed threats to MITRE ATT&CK TTPs with complete escalation documentation.
Cybersecurity Engineer Intern
DefensyLab
Feb 2025 - Jul 2025 (5 months)
Designed and deployed an MDR/SOC platform using Laravel, Vue.js, and Wazuh SIEM/XDR with integrated automated detection rules and SOAR workflows. Built analyst dashboards for real-time log analysis, vulnerability monitoring, and incident tracking across monitored endpoints.
Penetration Testing Intern
ST2i
Jul 2024 - Aug 2024 (1 month)
Conducted web application security assessments using Nmap, Metasploit, Nessus, and SQLmap. Documented discovered vulnerabilities with CVSS ratings and provided remediation recommendations.
Education
Degrees, certifications, and relevant coursework
National Engineering School of Tunis
Bachelor of Engineering, Telecommunications
Bachelor of Engineering in Telecommunications at the National Engineering School of Tunis, graduated in September 2025.
