I'm an Auckland-based security practitioner with hands-on experience in alert triage, log analysis, network forensics, and threat detection - built through 20+ structured SOC investigations, each documented end to end.
EROAD's Security Analyst position maps directly to the work I've been training for: monitoring and triaging alerts across detection platforms, supporting incident response from investigation through to post-incident review, and maintaining the documentation that underpins compliance. My SOC lab work has been deliberate practice for exactly this.
What I bring is a genuine curiosity for how attacks work and how to stop them, paired with the discipline to document every investigation thoroughly. Behind the security study sits real IT operations experience across Windows, Active Directory, Microsoft 365, and cloud platforms - so I understand the systems I'd be protecting from the inside.
Full writeups with methodology, screenshots & findings → github.com/Aryaghaem/tryhackme-scripts-labs
Identified C2 beaconing patterns in network logs, isolating regular callback intervals and anomalous outbound traffic indicative of an active channel.
Detected malicious registry run-key modifications and startup folder entries used to maintain access across reboots, tracing the full persistence mechanism.
Investigated attacker-created Windows services and scheduled tasks, distinguishing them from legitimate system activity through event log analysis.
Used Wireshark to surface DNS exfiltration - high-entropy subdomains, abnormal query lengths and frequency - and reconstructed the data leakage path.
Detected ARP cache poisoning, traced intercepted credentials through the man-in-the-middle position, and documented the complete attack chain.
Identified Log4j RCE exploitation in network traffic - JNDI lookup strings, outbound callbacks, and post-exploitation indicators of compromise.
Traced phishing-delivered malware through Sysmon process creation events, network connections, and file-drop artefacts to map the execution chain.
Detected post-compromise discovery activity - net commands, whoami, and ipconfig abuse - correlating events to identify the attacker's enumeration phase.
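Two of the detection heuristics named in the list above (regular C2 callback intervals, and high-entropy DNS subdomains used for exfiltration) can be illustrated with a short script. The example below is added here for illustration and is not taken from the author's lab writeups or repository; the connection and DNS records are constructed, and the thresholds (five connections minimum, 10% interval jitter, 3.5 bits of entropy, 24-character labels) are assumptions chosen for the sample data, not tuned values.

```python
import math
import statistics
from collections import Counter, defaultdict

# Constructed outbound-connection records: (seconds since capture start, src, dst).
CONN_LOG = [
    # 10.0.0.5 calls back to 203.0.113.9 roughly every 60 s: beacon-like.
    (0, "10.0.0.5", "203.0.113.9"),
    (60, "10.0.0.5", "203.0.113.9"),
    (121, "10.0.0.5", "203.0.113.9"),
    (180, "10.0.0.5", "203.0.113.9"),
    (241, "10.0.0.5", "203.0.113.9"),
    (300, "10.0.0.5", "203.0.113.9"),
    # 10.0.0.7 browses irregularly: bursty, human-driven timing.
    (5, "10.0.0.7", "198.51.100.2"),
    (9, "10.0.0.7", "198.51.100.2"),
    (44, "10.0.0.7", "198.51.100.2"),
    (130, "10.0.0.7", "198.51.100.2"),
    (131, "10.0.0.7", "198.51.100.2"),
    (400, "10.0.0.7", "198.51.100.2"),
]

# Constructed DNS query records: (src, queried name). The two long hex labels
# stand in for encoded data chunks; the domain names are placeholders.
DNS_LOG = [
    ("10.0.0.7", "www.example.com"),
    ("10.0.0.7", "mail.example.com"),
    ("10.0.0.7", "cdn-assets.example.net"),
    ("10.0.0.5", "0f1e2d3c4b5a69788796a5b4c3d2e1f0.exfil.example"),
    ("10.0.0.5", "f0e1d2c3b4a5968778695a4b3c2d1e0f.exfil.example"),
]


def detect_beacons(conn_log, min_connections=5, max_cv=0.1):
    """Flag (src, dst) pairs whose inter-connection intervals are nearly constant.

    Automated callbacks fire on a fixed timer with little jitter, so the
    coefficient of variation (stdev / mean) of the gaps between connections is
    small. Returns {(src, dst): (mean_interval_seconds, cv)} for flagged pairs.
    """
    by_pair = defaultdict(list)
    for ts, src, dst in conn_log:
        by_pair[(src, dst)].append(ts)
    findings = {}
    for pair, stamps in by_pair.items():
        if len(stamps) < min_connections:
            continue  # too few samples to judge regularity
        stamps.sort()
        deltas = [later - earlier for earlier, later in zip(stamps, stamps[1:])]
        mean = statistics.mean(deltas)
        if mean == 0:
            continue
        cv = statistics.pstdev(deltas) / mean  # jitter relative to the period
        if cv <= max_cv:
            findings[pair] = (mean, cv)
    return findings


def shannon_entropy(text):
    """Bits of entropy per character of `text` (0.0 for empty or single-symbol input)."""
    if not text:
        return 0.0
    counts = Counter(text)
    n = len(text)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def leftmost_label(qname):
    """The first DNS label, where exfiltration tools usually place encoded data."""
    return qname.rstrip(".").split(".")[0]


def detect_dns_exfil(dns_log, entropy_threshold=3.5, min_label_len=24):
    """Flag queries whose leftmost label is both long and high-entropy.

    Dictionary-word hostnames (www, mail, cdn-assets) score low; random-looking
    hex or base32 chunks score close to the alphabet's maximum. Returns
    {src: [(qname, entropy), ...]} for each source with at least one hit, so
    per-source query volume is visible alongside the individual names.
    """
    findings = defaultdict(list)
    for src, qname in dns_log:
        label = leftmost_label(qname)
        entropy = shannon_entropy(label)
        if len(label) >= min_label_len and entropy >= entropy_threshold:
            findings[src].append((qname, entropy))
    return dict(findings)


if __name__ == "__main__":
    for (src, dst), (period, cv) in detect_beacons(CONN_LOG).items():
        print(f"beacon candidate {src} -> {dst}: period ~{period:.0f}s, jitter cv={cv:.3f}")
    for src, hits in detect_dns_exfil(DNS_LOG).items():
        print(f"dns exfil candidate from {src}: {len(hits)} high-entropy queries")
        for qname, entropy in hits:
            print(f"  {qname} ({entropy:.2f} bits/char)")
```

On the constructed data the beaconing host is reported with a ~60 s period and a jitter ratio near 0.015, while the browsing host's gaps (4, 35, 86, 1, 269 s) vary far too much to qualify; both hex-labelled queries score exactly 4.0 bits per character because every hex digit appears equally often, whereas the benign hostnames fail the length check before entropy is even considered.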
I'm applying for the Security Analyst position at EROAD and would welcome the chance to discuss how I can contribute to your team.