Himanshu Gupta

CEO

Shimla Rural, Himachal Pradesh, India · 12 yrs experience
Most Likely To Switch: Highly Stable

Key Highlights

  • Expert in Cybersecurity and Threat Detection.
  • Developed innovative frameworks for security investigations.
  • Proven track record in building security programs.
Stackforce AI infers this person is a Cybersecurity expert with extensive experience in threat detection and incident response.

Skills

Core Skills

Cybersecurity, Security Incident Response

Other Skills

AIML, Analytical Skills, Anomaly Detection, Azure Databricks, Azure DevOps, Azure Kusto, Big Data Analytics, COSMOS, Cross-team Collaboration, Cyber Threat Hunting (CTH), Cyber Threat Intelligence (CTI), Cybersecurity Hunting, Cybersecurity Incident Management, Cybersecurity Incident Response, Dashboard

Experience

Microsoft

6 roles

Principal Security Researcher

Promoted

Mar 2025 – Present · 1 yr

Senior Security Engineer

Apr 2021 – Mar 2025 · 3 yrs 11 mos

  • LLM Strategist for SOC: Investigation, Detection, and Hunt
  • Working on the Hunt@Scale framework based on team requirements. The idea is to onboard hunt queries quickly and store hunting results together with user behaviors so that in the long term we can create a timeline and identify patterns. Completed the POC stage and currently onboarding more hunting hypotheses.
  • Working on IaM (Identity Anomaly Detector), which is based on UEBA. The idea is to generate investigative points/features based on users' daily activity and then flag anomalies. The backbone of this idea is our core knowledge of tenant investigation and security incidents.
  • On a day-to-day basis we investigate customer tenant compromises, identify fraud vs. abuse scenarios, and report to the respective teams.
  • Investigation of security incidents and pen test activities. Identified critical information and shared it with service teams.
  • Part of hunting in Azure DevOps to identify supply chain risks.
Training, Security Research, Analytical Skills, AIML, End to End Delivery, Cross-team Collaboration, +33

Senior Security Analyst

Promoted

Mar 2020 – Mar 2021 · 1 yr

  • Integral part in reviewing and providing mission-critical feedback for the in-house next-generation SIEM (Project X) analytics engine, the ADO detection deployment pipeline, detection deployment platforms like RxKQL, Kusto detection queries and ARIS, from a Detection program perspective.
  • Worked on an Alert Scoring model to increase the fidelity of alerts. Worked on an end-to-end modular architecture which can be easily integrated with any platform used by the SOC. The idea is to assign a weighted score to each alert in near real time based on deterministic investigative points, which helps analysts decide the fidelity of alerts with a low risk of missing malicious activity.
  • Experience in performing exploratory analysis on customer service telemetry and proposing monitoring scenarios out of it.
Training, Security Research, Analytical Skills, AIML, End to End Delivery, Cross-team Collaboration, +35

Escalation Security Analyst II

Sep 2018 – Feb 2020 · 1 yr 5 mos

  • Built and operationalized a Threat Hunting program from scratch for one of the most complex environments, involving more than one Lac Windows Servers including physical and cloud-based machines.
  • Worked in collaboration with Data Science teams to provide use cases from a security monitoring perspective, performed testing of newly deployed Data Science models and further facilitated onboarding the same to SOC monitoring.
  • Involved in the development of one of the market-leading EDR technologies, Windows ATP. Provided analysis-related requirements to the ATP product group, tested their features and provided feedback, suggested new functionalities, and created some Advanced Threat Hunting queries.
  • Solving information security problems using Data Science & Machine Learning. Evaluated the TSR model on Windows (Logon Anomaly, process command line switch) and Zeek (Data Exfiltration) events to detect adversaries and tried to use NLP to detect command line switch-based anomalies.
Training, Security Research, Analytical Skills, End to End Delivery, Cross-team Collaboration, Problem Solving, +28

Security Analyst II

Promoted

Sep 2017 – Aug 2018 · 11 mos

  • Expertise in identifying risks and working on remediation of risk across the company.
  • Part of the Detection Program (identifying new detection opportunities, detection based on customer requirements, detection onboarding, detection testing), Threat Hunting and Security Operations for the Microsoft Cloud and AI Security Team, which is responsible for monitoring some of the critical Microsoft infrastructure like Windows Build, Windows Update, Signing Environment, Xbox and Surface.
  • Experience in kick-starting a Detection Program from scratch by adopting the Kill Chain model and the MITRE ATT&CK framework as the foundation of the detection program, to detect advanced threats (APTs) and new attack techniques.
Training, Security Research, Analytical Skills, Cross-team Collaboration, Microsoft Power Apps, Security Incident & Event Management, +17

Security Analyst

Sep 2015 – Aug 2017 · 1 yr 11 mos

  • Expertise in handling security incidents involving intrusion detection, digital forensics and IOC hunting, and have been part of the Response Team in some APT scenarios.
  • Hands-on experience in host- and network-level forensics. Have leveraged tools like KANSAAS and X-Ways in my investigations.
  • Experience working in collaboration with Red Teams, Purple Teams and Green Teams to achieve the purpose of the exercise.
  • Experience in alert investigation on ArcSight.
Security Research, Analytical Skills, Cross-team Collaboration, Microsoft Power Apps, Security Incident & Event Management, Cybersecurity, +11

Symantec

3 roles

Cyber Security SOC Analyst

Oct 2013 – Aug 2015 · 1 yr 10 mos · Chennai, Tamil Nadu, India

  • Expertise in analyzing security alerts on an in-house SIEM tool and reporting the same to customers based on severity.
  • Integral part of the implementation of Social Media Monitoring using Scumblr for our customers, to scrape out leaked/compromised information from social media/deep web.
  • Extensive knowledge in analyzing the logs of multiple devices like IDS/IPS, network & application firewalls, SEP, anti-virus, FireEye, EDR etc.
  • Experience in resolving customer requests related to security alerts and providing security-related assistance over calls.
  • Experience in creating reports with infographics for the latest security trends and gathering generic reports based on customer business segments.
Security Research, Analytical Skills, Cross-team Collaboration, Problem Solving, Proof of Concept, Security Incident & Event Management, +8

Cyber Security Analyst

Jul 2013 – Sep 2013 · 2 mos · Chennai, Tamil Nadu, India

Security Research, Analytical Skills, Cross-team Collaboration, Cybersecurity, Research

Cyber Security Intern

Dec 2012 – Jun 2013 · 6 mos · Chennai, Tamil Nadu, India

Security Research, Analytical Skills, Cross-team Collaboration, Cybersecurity, Research

Education

IIIT Hyderabad

Foundation degree — Artificial Intelligence and Machine Learning

Jan 2018 – May 2018

SRM IST Chennai

Master of Technology - MTech — Information Security And Computer Forensics

Jun 2011 – May 2013

Punjab Technical University

Bachelor of Technology - BTech — Computer Science and Engineering

Jun 2006 – May 2010
