Jul 2022 – Present · 3 yrs 9 mos · Bangalore · Hybrid

• Working as a Security Incident Responder in Intel's Global Cyber Response Team, experiencing end to end Incident Response for Intel's network.
• Responsibilities:
• Detect and respond to company-wide security incidents, coordinating cross-functional teams to mitigate and eradicate threats.
• Monitor and analyze emerging threats, vulnerabilities, and exploits.
• Contribute to the development and implementation of scalable preventative security measures (detection, monitoring, exploitation)
• Incorporate current security trends, advisories, publications, and academic research.
• Communicate risks and mitigations across multiple audiences.
• Experience with operating system internals and hardening, web application and browser security, and monitoring and intrusion detection.
• Detect and independently respond to security incidents across an organization.
• Conduct proactive threat hunting based on threat intel.
• Perform forensic analysis of infected hosts independently.
• Analyze network traffic and identify attacker activity.
• Build and maintain scalable log ingestion and analytics platforms and tooling.
• Perform a Postmortem root cause analysis (RCA) and incident reviews.
• Work projects to completion across multiple teams, engineering, IT, development, communications, audit, legal.

May 2019 – Dec 2021 · 2 yrs 7 mos · Bangalore

• Investigation and Threat Hunting of Security Alerts on Splunk ES using TTP, Cyber Kill Chain and MITRE Attack
• Methodology.
• Detecting malicious activity of an attacker using tactics and techniques based on real-world observation as per
• MITRE ATT&CK framework and other techniques during adversarial research.
• Creating correlation rules in Splunk based on Threat Hunting scenarios using various logsources.
• Contributing to various POC on cutting edge tools and technologies to find the best fit for the organization.
• Developed solutions to automate the pain points faced by the team.
• Investigating Cloud Based Incidents on different platforms like Microsoft O365(MCAS), Azure, AWS & GCP
• including maintaining & finetuning their policies.
• Investigating & Analyzing Phishing Campaigns with FireEye Email Security Solution & Cisco ESA including
• setting up required email policies.
• Analyzing Network Based anomalies with Forcepoint, McAfee NSM & Cisco Stealth watch, including
• finetuning the firewall rules based on the requirements.
• Dynamic Malware analysis with different sandboxes and perform root cause analysis for endpoint incidents, including this performing Static Malware Analysis in Malware Lab for special cases.
• Building IOCs (both Static as well as Behavioural Ones) for threats & tools.
• Conducting Phishing Exercises & training employees on aspects of Human Firewall.