Oct 2023 – Feb 2026 · 2 yrs 4 mos

• Lead global SOC and Threat Hunting teams driving proactive detection, threat intel fusion, and incident response across IT, OT, and Cloud environments.
• Developed and deployed an Executive Cyber Shielding Program for C-level protection against advanced phishing, social engineering, and targeted attacks.
• Managed incident investigations for phishing, insider threats, endpoint compromises, and cloud anomalies.
• Established KPIs and maturity models for SOC performance, threat hunting effectiveness, and incident resolution.
• Direct Purple Team operations using ATT&CK-aligned simulations to validate and enhance detections.
• Strategized deception technology to detect stealthy attacks & insider threats.
• Leveraging Intel & Honeypots to develop focused hunts to detect persistence.
• Acted as a coordination point for Cyber Drills to assess SOC readiness.
• Manage relationships with Legal team & third-party incident response providers.

Mar 2022 – Oct 2023 · 1 yr 7 mos

• Led the global transition and consolidation of EDR platforms across 100K+ endpoints.
• Delivered PAM transformation strategy, enhancing privileged user security.
• Implemented centralized monitoring & compliance reporting aligned with audit need.
• Played a key role in service continuity planning and cyber resilience strategy.
• Led Zero Trust deployment, aligning segmentation, identity, & endpoint policies with business-critical assets.
• Experience in new security tools POC, implementation, Optimization, troubleshoot, and resolve technical issues related to security tools.
• Architected and operationalized an end-to-end Vulnerability Management Program.

Feb 2020 – Mar 2022 · 2 yrs 1 mo

• Oversaw annual cybersecurity planning, budget preparation, and forecasting for staffing, tooling, and licensing.
• Created dashboards for vulnerability exposure, SLA trends, and platform utilization.
• Established & matured metrics for incident SLAs, Zero-day Vulnerability remediation & platform ROI tracking.
• Built governance frameworks for critical patching, vulnerability closure, and compliance reporting aligned to NIST findings.
• Streamlined SOC metrics (MTTD, MTTR) and automated repetitive tasks using SOAR platforms.
• Oversee Asset Visibility and inventory accuracy using Axonius and CMDB integrations; identified and resolved 100K+ asset gaps.

Mar 2018 – Feb 2020 · 1 yr 11 mos · Bengaluru Area, India

• Experience working in cyber security engineering team in refining use cases.
• Experience supporting security tools, like PAM, SIEM, EDR, NGFW, CSPM, Email SEG.
• Experience in new security tools POC, implementation, Optimization, troubleshoot, and resolve technical issues related to security tools.
• Creating Dashboard for Senior management about the top risk to drive remediation.
• Formalized Incident Response process in Integration with Automation team
• Providing and tracking Service improvement plan for SIEM and Vulnerability Assessment.
• Fine tuning the Qradar rule which are generating multiple false positives or not contributing to offense.
• Defining the IR process to govern the incidents (like phishing , Brute force).
• Writing custom Parsers and Event mapping in Qradar for custom log source.
• Fine-tuning the Policies for Azure Security Center as per Security requirement.
• Troubleshooting and remediating the long pending vulnerabilities.
• Monitoring the DLP alerts and escalating the alerts to the clients as per process.
• Creating Web filtering policies and troubleshooting the issue where web filter is not working.
• Limiting Attack Surface from Projects like Domain Admin review, Win 2003 Servers.
• Preparing a Monthly and Quarterly Business review decks and presenting to the clients.

Oct 2015 – Mar 2018 · 2 yrs 5 mos · Greater Bengaluru Area

• Managing the MBR / QBR governance call with Global Customers.
• Assessed & closed Security Gaps through SIP plan to strengthen security posture.
• Defined KPI’s & OKR to track cyber projects & proactively highlight any risk.
• Formalized Vulnerability Program to detect & track vulnerabilities closure thereby reducing Attack Surface.
• Analyze offenses and security incidents in MSSP for Global customers.
• Provide analysis and security log data for security devices integrated with QRadar.
• Investigate, document, and report on information security issues.
• Accountable for the closure of the security incidents.
• Managing the daily and weekly governance call and reports of the customer
• Integration of the Windows, network and Linux log sources with SIEM

Sep 2013 – Sep 2015 · 2 yrs · Greater Bengaluru Area

• Detection, monitoring and analysis of security incidents.
• Performing health check-up and preparing reports on daily basis of the security tools.
• Monitoring agent health 100K+ machines and make sure all are compliant.
• Successfully upgraded agents in Phase manner to avoid any disruption to business.
• Analyze NIPS Alerts on Site protector console.
• Worked on Ticketing Tool “Maximo“ for the follow up of the open incident assigned to the respective team.

Dec 2012 – Sep 2013 · 9 mos · Greater Bengaluru Area

• Resolving Technical Issues faced by clients (OS/HW/Networking) for consumer products.
• Supporting clients for installation of Operating systems (Windows 7,Windows 8)
• Supporting the clients by verifying, isolating, diagnosing and resolving the issue in turnaround time given to client.
• Creating Open case reports documents on daily basis.
• Worked on ticketing tool: “SR Dash” for logging the ticket for dispatch of Hardware and tracking the unused hardware dispatch returned.
• Creating record documents of dispatched Hardware components