Jan 2024 – Apr 2024 · 3 mos · Bengaluru, Karnataka, India · Remote

• Oversaw end-to-end Security Operations across four core domains: Vulnerability Management, Incident Response, Threat Intelligence, and Detection Engineering.
• Led investigations into complex cyber threats, including high-impact attacks and financial fraud, ensuring timely and effective incident containment.
• Directed daily SOC operations, managing workload distribution, incident response workflows, and team performance.
• Provided technical leadership and mentorship to Security Analysts, driving skill development and operational maturity.
• Acted as the primary liaison between Security Operations and Engineering teams to coordinate incident response and ensure streamlined communication.
• Championed process optimization and continuous improvement initiatives to enhance the efficiency and resilience of security operations.

Feb 2023 – Jan 2024 · 11 mos · Bengaluru, Karnataka, India · On-site

• Led the design and enhancement of ASPL’s Security Service Delivery Model to ensure operational scalability, service excellence, and alignment with client objectives.
• Built and managed a high-performing SOC team, delivering 15+ managed security projects across diverse industries with consistent service quality and client satisfaction.
• Established the Sec360 team from scratch, developing SOPs, KPIs, threat models, and next-gen SOC processes leveraging Google Chronicle and NetEnrich Resolution Intelligence Cloud.
• Oversaw complex technology implementations across SIEM, EDR, DLP, Proxy, CASB, and Antivirus, ensuring seamless deployment and integration.
• Defined project-specific SOWs and collaborated with sales and solution teams to align deployment strategies with technical and business requirements.
• Drove GRC, audit readiness, and strategic consulting efforts to maximize product adoption, customer retention, and long-term value.

Jun 2021 – Feb 2023 · 1 yr 8 mos · Bangalore Urban, Karnataka, India · Remote

• Designed and implemented scalable SIEM architecture, integrating diverse security tools and data sources; led use case development, log parsing, and legacy rule migration.
• Acted as SPOC for Security Operations, managing solution architecture, product evaluations, POCs, and end-to-end deployment of enterprise security technologies.
• Ensured endpoint, server, and cloud compliance using McAfee ePO, CrowdStrike Falcon MDR, Cisco Umbrella, and Trend Micro Cloud One – Conformity.
• Led CyberArk PAM deployment and expansion to secure and unify privileged access across multiple domains.
• Monitored incident trends, tool coverage, and SLA compliance through Power BI dashboards, aligning with asset inventory and operational metrics.
• Drove strategic security investments through budgeting, ROI analysis, and alignment with organizational risk posture and IT roadmaps.

Sep 2017 – Jun 2021 · 3 yrs 9 mos · Pune, Maharashtra, India · On-site

• Built and operationalized the Security Operations Center (SOC) from scratch, defining the framework, team structure, processes, and service governance.
• Led the development and optimization of SOC use cases for security monitoring, threat detection, malware analysis, and compliance within Splunk Enterprise Security.
• Acted as a Cybersecurity SME, leveraging the MITRE ATT&CK framework and OSINT tools to design advanced detection logic and conduct proactive threat hunting.
• Directed daily SOC operations, including incident triage, playbook creation (OPDs), audits, team mentoring, and upskilling aligned to individual growth paths.
• Delivered client-facing dashboards, incident reports, and executive summaries; facilitated regular governance meetings and presented PMR reports to stakeholders.
• Collaborated with global SOC and engineering teams to drive automation, process improvements, and ensure timely delivery of project milestones and security initiatives.

Nov 2013 – Sep 2017 · 3 yrs 10 mos · Pune, Maharashtra, India · On-site

• Configured and managed Splunk Search Head and Indexer Clusters to ensure high availability, data replication, and distributed search performance.
• Set up and administered Deployment Server, License Master, and Forwarders (Universal & Heavy) for seamless app distribution, log onboarding, and license management.
• Installed and configured Splunk Enterprise and Universal Forwarders across Windows and Linux environments, integrating diverse log sources into the Splunk ecosystem.
• Developed, customized, and deployed Splunk Apps (e.g., DBConnect, Splunk App for Linux, Enterprise Security) to support operational and compliance requirements.
• Monitored infrastructure health using system tools and Splunk consoles; resolved performance issues including slowness, bucket fix-ups, and availability concerns.
• Designed real-time dashboards, reports, and visualizations to support security monitoring, decision-making, and operational insights.