Sayan Kr Dey 🇮🇳

Associate Consultant

Bengaluru, Karnataka, India · 4 yrs 1 mo experience

Key Highlights

  • Expert in building scalable detection systems.
  • Proven track record in threat detection and incident response.
  • Strong collaboration with cross-functional teams for security best practices.

Skills

Core Skills

  • Incident Response
  • Detection Engineering

Other Skills

  • Threat Hunting
  • SOAR Automation
  • Digital Forensics
  • Architecture/Sec Engineering
  • Managed Detection and Response (MDR)
  • Cloud SecOps & IR
  • Security Information and Event Management (SIEM)
  • Malware Analysis
  • Yara Rules
  • MITRE ATT&CK and D3fend
  • Wazuh SIEM and XDR
  • Seceon aiSIEM & aiXDR
  • Trellix Network Security
  • DFIR - IRIS (Open Source Incident Response Platform)
  • Palo Alto Networks Cortex

About

Hello LinkedIn fam! Be Smart and Creative in Cyber W🌎rld🕵️ Cyber defense isn't just my job — it's my mindset. With hands-on experience across Security Operations (SecOps), Detection Engineering, and Threat Detection & Response, I specialize in building systems that not only detect threats but understand them. I've worked closely with blue teams, engineered custom detections, and responded to real-world threats in high-pressure environments. Whether it’s tuning SIEM rules, crafting detection logic, or diving deep into threat intel, I believe in blending automation with human intuition to stay ahead of adversaries.

Currently focused on:

  • Making SecOps smarter and faster
  • Engineering scalable, resilient detection pipelines
  • Elevating threat response from reactive to proactive

Always up for a conversation on security architecture, blue team strategy, or your latest DFIR rabbit hole. Let’s connect and talk cyber.

Experience

Total Experience: 4 yrs 1 mo
Average Tenure: 1 yr 6 mos
Current Experience: 1 yr

Circles

Senior Analyst - Cyber Defence II (SOC & DFIR)

Apr 2025 - Present · 1 yr · Bengaluru · Hybrid

Day-to-day BAU:

  • Perform day-to-day SOC operations, including alert triage, investigation, and incident response across a multi-cloud infrastructure (e.g., AWS, OCI, GCP).
  • Lead digital forensics and incident response (DFIR) investigations across cloud and endpoint environments, including evidence acquisition, timeline analysis, root cause identification, and formal incident reporting.
  • Leverage Graylog SIEM for threat detection, log analysis, and correlation of events across diverse cloud-native services and hybrid systems.
  • Utilize Swimlane SOAR for automated case management, workflow orchestration, and incident lifecycle tracking.
  • Develop and tune detection rules and logic to ensure high-fidelity alerting aligned with evolving threat landscapes and cloud service configurations.
  • Conduct use case reviews and continuously refine detection content to reduce false positives and improve response efficiency.
  • Design, implement, and maintain SOAR playbooks to automate repetitive SOC tasks and enhance incident response time.
  • Lead and support proactive threat hunting activities to uncover undetected threats, misconfigurations, or indicators of compromise (IOCs) across multi-cloud workloads.
  • Continuously mature SecOps capabilities by assessing cloud-native security tools, integrating telemetry sources, and improving incident handling processes.
  • Collaborate with cloud architects, DevOps, and application teams to align security operations with business objectives and ensure cloud security best practices.

Skills: Detection Engineering, Threat Hunting, Incident Response, SOAR Automation, Digital Forensics, Architecture/Sec Engineering

BlackPerl DFIR

Lead Security Researcher

May 2024 - Apr 2025 · 11 mos · Bengaluru, Karnataka, India · Hybrid

Main Responsibilities:

  • Led SOC engineering efforts, overseeing the development and optimization of SOC data pools to enhance data-driven threat detection.
  • Conducted attack-defense simulations to test and improve incident response strategies and security defenses.
  • Spearheaded Sigma detection rule engineering to create and refine detection use cases aligned with client environments.
  • Managed and executed forensic investigations on compromised systems to identify root causes and threat actors.
  • Developed and deployed new detection rules across various SIEM platforms to enhance threat identification and response.
  • Maintained and fine-tuned EDR solutions to ensure optimal endpoint threat detection and remediation.
  • Coordinated incident response activities, ensuring effective containment and mitigation of security incidents.
  • Focused on live analysis and threat hunting to support comprehensive threat analysis and remediation.
  • Collaborated with cross-functional teams to align detection capabilities with business security requirements.
  • Enhanced the security posture of client environments through regular updates and custom rule creation.

Bandhan Bank

SecOps Engineering Manager

Feb 2024 - Apr 2024 · 2 mos · Kolkata, West Bengal, India · On-site

  • Managing experienced professionals of C-SOC (Cyber Security Operations Centre) and the security engineering team. Sets goals and objectives for team members for achievement of operational results. Evaluates incident response procedures and capabilities. Implements cyber security policies and takes measures against intrusion attempts, frauds, attacks, or leaks/breaches.
  • Resolves conflicts that arise during problem-solving. Adapts departmental plans and priorities to address resource and operational challenges. Influences others in cross-functional teams regarding policies, practices, and procedures.
  • Provides technical direction to analysts on handling incidents and creating knowledge base articles.
  • Reviews the incident analysis for the tickets created, identifies gaps in the incident response process, shares feedback with the L1 and L2 teams on the gaps observed, and moves incidents to closure.
  • Publishes reports and dashboards as required by leadership.
  • Mentors junior SOC teams and security engineers and incorporates new training programs to upskill analysts.

EssilorLuxottica

Security Engineer - MDR (APAC)

Dec 2021 - Feb 2024 · 2 yrs 2 mos · Kolkata, West Bengal, India · On-site

  • EssilorLuxottica is an Italian-French vertically integrated multinational corporation based in Paris, a global leader in the design, manufacture and distribution of ophthalmic lenses, frames and sunglasses.

Main Responsibilities:

  • Drive continuous improvement on detection, analysis, escalation, response and containment for all cyber incidents.
  • Part of the EL-CSIRT (APAC), a highly specialized team for maintaining effective cyber security analysis capabilities covering IT assets.
  • Work in collaboration with the Cyber Security Operations Centre (C-SOC) interface, including all modifications to existing monitored systems and incorporation of new systems.
  • Respond to highly complex cyber threats in real time and develop extensive professional experience and expert knowledge to quickly analyze events.
  • Provide specialist guidance to secure the organization and the technical expertise to analyze advanced attack methodologies.
  • Assess the vulnerability of critical infrastructure for compliance, security and attack surface management.
  • Perform detailed post-incident analysis and provide guidance for procedure or process changes in response.
  • Carry out monthly threat hunting campaigns with MITRE ATT&CK TTPs to develop hypotheses of threat actors targeting the manufacturing industries.
  • Take part in attack-defense simulation to test out forensic projects and process readiness.
  • Perform compromise assessment and purple teaming (OT/ICS/IT).
  • Maintain a broad knowledge of current and emerging state-of-the-art computer/network protection and forensic systems, technologies, architectures and products.
  • Provide 24x7 cyber incident response (IR) support on a roster basis.

Rootnik Labs

DFIR Consultant

Nov 2020 - Sep 2021 · 10 mos · Kolkata, West Bengal, India · Hybrid

  • Forensic analysis, training, consulting and e-Discovery services.
  • Preserve and analyze data from electronic data sources, including laptop and desktop computers, servers and mobile devices.
  • Analysis of mobile, email, network, data, file system and memory forensics.
  • Examined and analyzed electronic media in support of computer intrusion, counter-intelligence and criminal cases.
  • Lead digital forensic and cyber-crime response efforts; liaise with client representatives.
  • Prepare process documents and participate in reviews of process documents.

Wideup

Digital Forensics Analyst

Jul 2020 - Sep 2020 · 2 mos · Delhi, India · Remote

  • Digital Forensics and Cyber Breach Response. This covers a range of use cases including employee investigations, insider threat, breach and incident response, as well as standard digital forensics work.

Keycybr

Team Member | Consultant

May 2019 - Aug 2020 · 1 yr 3 mos · Nashik, Maharashtra, India · Remote

Training and consulting on:

  • Information Security
  • Cyber Crime
  • Cyber Forensic Investigation

Education

Sikkim Professional University

Bachelor of Computer Application - BCA — Computer Science
