Saksham Tushar

CEO

Bengaluru, Karnataka, India · 8 yrs 2 mos experience
Highly Stable

Key Highlights

  • Expert in threat detection and incident response.
  • Proven track record in building security operations centers.
  • Strong background in threat hunting and intelligence.
Stackforce AI infers this person is a Cybersecurity expert specializing in threat detection and incident response within the Fintech industry.

Skills

Core Skills

Threat Detection, Security Incident Response, Threat Hunting, Detection Engineering, Security Automation

Other Skills

AQL, AWS CloudTrail, AWS Lambda, Amazon Web Services (AWS), Analytical Skills, Automation, Azure Active Directory, Cisco AMP, Cloud Security, Communication, Computer Forensics, Crowdstrike Falcon, Cyber Threat Hunting (CTH), Cyber-security, Cybersecurity

About

As the lead Threat Detection engineer and threat hunter at CRED, a leading fintech company, I lead a specialist and lean security team that builds, operates, and matures technical functions such as threat detection, incident response, security monitoring, threat hunting, digital forensics, and intelligence. I also architect and build new security operation centers for regulated and non-regulated entities, and lead threat investigations and security incident response. I have developed core skills in threat hunting, threat detection engineering, threat intelligence, and scripting. I have a track record of building hypotheses and detecting advanced threats, aligning protection and security use cases to the MITRE framework, tracking APT behaviors and TTPs, and building tools and scripts for managed hunting and MDR over deployed EDR solutions. I am passionate about threat hunting, intelligence, and automation, and enjoy reverse engineering, malware analysis, and web development.

Experience

Rippling

Threat Detection & Response @ Rippling

May 2025 – Present · 10 mos · Bangalore Urban, Karnataka, India

  • Threat Detection, Security Incident Response, Threat Hunting, Insider Threat Detection, Forensics, Security Operations, Threat Intelligence, Security Automation
Threat Detection, Security Incident Response, Cyber Threat Hunting (CTH), Threat Intelligence, Security Automation, Incident Response, and 3 more

CRED

2 roles

Head of Security Operations & Threat Detection Engineering

Apr 2023 – May 2025 · 2 yrs 1 mo

  • Threat Detection & Response: Leading end-to-end threat hunting, detection engineering, and intelligence to preemptively address emerging threats.
  • SOC Architecture: Architecting and operationalizing Security Operations Centers (SOCs) for both regulated and non-regulated sectors, ensuring resilience and compliance.
  • Technical Function Development: Building and maturing core functions, including Threat Detection, Incident Response, Digital Forensics, Threat Hunting, and Security Monitoring.
  • Incident Response: Directing threat investigations and incident responses for rapid containment and resolution.
  • Data Pipeline Management: Building and scaling data and logging pipelines to enhance visibility and streamline threat detection.
  • Security Analytics: Developing security analytics, detections, and hypotheses to identify anomalies and threats within large datasets.
  • Insider Threat Mitigation: Addressing insider threats, data exfiltration, and leak prevention to protect sensitive information.
  • Advanced Tooling: Managing Elastic Cloud/ELK, Crowdstrike Falcon, YARA, Sigma, Sysmon, Osquery, Splunk, Logstash, and AWS logging for comprehensive security coverage.
  • Detection Across Environments: Developing detections for endpoints, SaaS applications, and cloud to secure diverse threat surfaces.
  • SOC Metrics: Tracking and improving SOC and hunting metrics for enhanced performance.
  • Cross-Functional Coordination: Collaborating with Engineering, IT, and Management to ensure cohesive security strategies.
  • Automation & Coding: Writing Python code for data analytics, response automation, and tool integrations.
  • MITRE ATT&CK Integration: Leveraging MITRE ATT&CK to build defenses against known APT activity and adversary tactics.
Security Information and Event Management (SIEM), Cyber Threat Hunting (CTH), Jupyter, Log Management, Amazon Web Services (AWS), Communication, and 6 more

Lead Threat Detection Engineer

Apr 2022 – Jul 2023 · 1 yr 3 mos

  • Expertise: Threat Hunting, Detection, Log Analytics, MITRE ATT&CK, Python, Intelligence
  • Experienced Threat Researcher and Threat Hunter leading Threat Detection Engineering Program on Cloud, Enabling Detection as an Engineering Function.
  • Tuning and setting up Cloud Security Operations paradigms, Processes, and Procedures. The people, tech, and process of it.
  • Enabling Threat Intelligence & Hunting on Cloud
  • Building SIEM/Incident Response/SecOps Processes
  • Threat Research to Security Analytics
  • Adversary Emulation
  • Security Operations Center (SOC)
  • Incident Response
  • SOAR
  • Automation, Python
Security Information and Event Management (SIEM), Cyber Threat Hunting (CTH), Jupyter, Log Management, Amazon Web Services (AWS), Communication, and 6 more

Informatica

2 roles

Senior Cloud Security Engineer

Mar 2022 – Apr 2022 · 1 mo

Security Information and Event Management (SIEM), Communication, Security Automation, Threat Research

Cloud Security Engineer - Threat Hunter & Intelligence

Dec 2020 – Mar 2022 · 1 yr 3 mos

  • Lead threat hunter & Intelligence Operator working to transition a new Cloud SOC to steady state.
  • Primary Role:
  • Hunting Threats and evaluation of datasets to determine Threats/malicious behaviour and anomalies.
  • Defining threat hunting strategies and processes on major cloud platforms (AWS/GCP/Azure).
  • Threat Intelligence Operations: collection/prioritization/sanitization of Intelligence & converting it into actionable advisories/reports.
  • Other Responsibilities:
  • Working on Elastic stack to help transition SIEM, Use-cases and cloud events for visualization/dashboards.
  • Writing Detection Use-Cases on Cloud Native Logs (AWS CloudTrail/VPC Flow Logs)
  • Working on Automated Bots/Automation scripts/Lambda Functions to automate repetitive SOC Operations.
  • Training Peers and Folks on Threat Hunting/Intelligence and creating a culture of Proactive Security enforcement.
Security Information and Event Management (SIEM), Communication

Microsoft

Cyber Security Engineer

Jul 2020 – Dec 2020 · 5 mos · Hyderabad, Telangana, India

Security Information and Event Management (SIEM), Communication

IBM

4 roles

Lead MDR & Threat Hunter

Nov 2019 – Jul 2020 · 8 mos

  • Threat Hunting, EDR, Automation, Malware Analysis, RCA, Incident Response.
  • Building unified threat hunting platform to enable threat hunting as a service.
  • Building security tools, scripts, and cloud products to encourage different data analysis approaches and machine learning.
  • Aligning security posture to enable detection of Advanced threats via use of MITRE.
  • Detection and Tracking of APTs and threat behaviours (TTPs) on Process based data domain to ensure effective threat Hunting in place.
  • Adoption and alignment of security to MITRE.
  • Administration and management of EDR platforms Crowdstrike Falcon and Carbon Black
Security Information and Event Management (SIEM), Communication, Security Automation, Threat Research

Information Security Analyst

Jun 2019 – Nov 2019 · 5 mos

  • SOC Analyst, working on Cyber threat hunting & automation to blend together both the cultures and drive intelligent security operations.
  • Solving Security problems via scripting and product development
  • Incident Response and Security Monitoring.
  • Automating Cyber threat hunts and driving operations based on intelligence.
  • Malware Analysis to find malicious actors detected in environment, align to cyber kill chain, hypothesis creation and hunt driving
  • Contribute to open source technologies
Security Information and Event Management (SIEM), Cyber Threat Hunting (CTH), Communication, Security Automation

Information Security Analyst

Mar 2019 – Jun 2019 · 3 mos

  • Project Name: Confidential (Finance and Risk)
  • Task:
  • Work as Information Security Analyst on QRadar as primary SIEM and deal with daily offenses to provide security monitoring & Incident response services.
  • Work as an Analyst in a newly set up security operation Center to ensure stabilization and steady operations along with established procedures and processes in place.
Security Information and Event Management (SIEM), Communication

Information Security Analyst

Dec 2017 – Feb 2019 · 1 yr 2 mos

  • Project Name: Confidential (Retail based client)
  • Task: Set up and transition a newly established SOC from simulated stage to Live operations.
  • Work as L2 Security analyst and provide remediation and triage to escalated offenses by L1 team in Costa Rica. Managed and worked on multiple security tools to correlate data.
  • Threat Hunting and Manual log Investigation to find hidden threats.
Security Information and Event Management (SIEM), Communication

Education

GL Bajaj Institute of Technology and Management

Bachelor of Technology - BTech — Computer Science

Jan 2013 – Jan 2017

Delhi Public School - Dhanbad

Senior Secondary — High School/Secondary Diploma Programs

Jan 2001 – Jan 2013
