Sourav S.

Co-Founder

India · 5 yrs 8 mos experience
Highly Stable · AI ML Practitioner

Key Highlights

  • Founder of a Cyber Threat Intelligence platform.
  • Expert in security automation reducing manual efforts significantly.
  • Proven track record in threat detection and SIEM enhancements.
Stackforce AI infers this person is a Cybersecurity expert specializing in Threat Intelligence and Security Automation.

Skills

Core Skills

Cyber Threat Intelligence (CTI) · Product Management · Security Automation · Cybersecurity · Threat Detection · SIEM · Security Operations

Other Skills

Threat Analysis · Threat & Vulnerability Management · Presentations · Windows Administration · Technical Proficiency · Role-Based Access Control (RBAC) · Industry standards · Originating · Robotic Process Automation (RPA) · Chatbots · Written Communication · Troubleshooting · Process Definition · Identifying Trends · Vendor Relations

About

Hi! I'm Sourav and I am passionately curious! I’m a Cyber Security & Automation Engineering professional with a combined 5+ years of experience in SIEM platform management and security automation. When I was in school, it was computers and gadgets that I used to dream about all day long. I was admittedly, captivated. I wanted to know why. Then I did the next logical thing and started studying computer science. What began feverishly as an interest, spilled all over my career! Talking about my career, I hold a Master's degree in Computer Application and Bachelor's degree in Computer Science. And to be more specific, I figured out that I love Cybersecurity. Ever since I started getting into its world, I have been taken over by the idea of cybersecurity to solve practical problems. Cybersecurity is a never-ending puzzle that I am passionately engaged in solving. I believe in the power of cybersecurity to transform and improve the lives of people around the world. I get excited about opportunities where I get to enable data availability securely; which in turn can be easily digested by small and large teams outside of the cybersecurity team. When I'm not cybersecurity-ing, I'm reading books, listening to music, meditating, going through motivational podcasts, and sometimes swimming. A firm believer in 'If something can be better, good is not enough!' and that it is a never-ending process... Feel free to reach out if you need any help, we can get it done together... Also, I would welcome ideas of all sorts!

Experience

Total Experience: 5 yrs 8 mos
Average Tenure: 5 yrs 8 mos
Current Experience: --

Inferlume

Founder & CTI Researcher

Apr 2026 – Present · 1 mo · Bengaluru, Karnataka, India · Remote

  • Building Inferlume — a cyber threat intelligence platform that monitors the global threat landscape and delivers structured, decision-ready intelligence through three tiers: RADAR (weekly briefs), FLASH (urgent alerts), and RECON (daily deep-dive CTI reports).
  • Responsibilities include end-to-end product design, AI-assisted threat analysis, report production, and platform distribution.
  • Explore: Inferlume.com
Cyber Threat Intelligence (CTI) · Threat Analysis · Security Operations · Threat & Vulnerability Management · Product Management

Shell

4 roles

Cybersecurity Automation Engineer

Promoted

Nov 2023 – Apr 2026 · 2 yrs 5 mos

  • Designed and delivered end-to-end security automation solutions across SOAR, SIEM, DevOps, and communication platforms, driving measurable reductions in manual effort, response times, and operational overhead.
  • 1. Automated Patch Tuesday reporting for Microsoft and SAP by integrating MSRC, SAP Security Notes, and a SOAR platform with generative AI, reducing reporting time from 3–4 hours to 7 minutes and enabling rapid critical vulnerability identification.
  • 2. Engineered IOC hunting automation by connecting DevOps tools, SIEM, and notification systems, eliminating ~1 hour of manual effort per hunt while enabling real-time threat visibility and response.
  • 3. Automated web app URL scoping and dangling CNAME detection via a cloud-based pipeline, reducing vulnerability scoping time from 28 hours to under 4 hours with zero human intervention, increasing scanning frequency and decreasing time-to-patch.
  • 4. Integrated Microsoft Teams with Rapid7 InsightVM and ServiceNow for on-demand infrastructure scans with auto-distributed reports and embedded Teams across automation deliveries, eliminating platform switching and unifying automation with communication workflows.
  • 5. Automated Threat Level Assessment across 16 critical parameters and delivered Automated Adjusted Risk Rating (ARR) calculations directly within Microsoft Teams, cutting per-threat analysis from 15 minutes to 1 minute and removing friction from risk rating workflows.
  • 6. Designed 12 modular Logic Apps out of 35+ delivered in 2024 to scale SOAR capabilities, enhanced RFI workflows for Vulnerability Management, Threat Intelligence, and Threat Hunting teams, and supported Portfolio Company M&A onboarding to DevOps, improving speed, modularity, and data integrity across the function.
  • 7. Overhauled Azure DevOps for cybersecurity teams by creating 16 custom work item types, adopting sprint methodologies, and implementing automated communication, significantly improving workflows across multiple teams.
Presentations · Windows Administration · Technical Proficiency · Role-Based Access Control (RBAC) · Industry standards · Originating · +14

Threat Detection Engineer

Promoted

Aug 2021 – Nov 2023 · 2 yrs 3 mos

  • Built and refined threat detection capabilities within SIEM and SOAR environments, translating complex behavioral analytics requirements into deployment-ready detection logic.
  • 1. Configured alert-generating detection logic within SIEM by engineering rules to identify suspicious patterns and events, enabling early detection of potential breaches and improving overall security posture.
  • 2. Developed 49 out of 84 detection use cases (59%) published organization-wide in 2023, directly expanding threat coverage and amplifying SIEM effectiveness.
  • 3. Transformed behavioral analytics requirements into deployment-ready SIEM algorithms by collaborating with cybersecurity stakeholders, bridging the gap between business needs and technical execution.
  • 4. Drove architectural improvements across SIEM and SOAR environments in collaboration with cross-functional teams, enhancing scalability, reliability, and detection performance.
Presentations · Windows Administration · Technical Proficiency · Role-Based Access Control (RBAC) · Azure Data Lake · Splunk Enterprise Security · +15

Security Operation Center (SOC) Engineer

Jul 2020 – Jul 2021 · 1 yr

  • Strengthened enterprise security operations through monitoring, identity and access management, risk visibility, and cross-team collaboration across Incident Management and Threat & Vulnerability Management.
  • 1. Built an enterprise-wide risk dashboard by consolidating visibility across IT ecosystems, accelerating vulnerability remediation, vertical reporting, and security awareness organization-wide.
  • 2. Deployed enterprise security monitoring and penetration-testing management tools to ingest raw security-relevant data including authentication events, firewall activity, and persistent outbound data transfers, strengthening real-time threat visibility.
  • 3. Implemented Just-in-Time and Just-Enough-Access (JIT/JEA) controls for SIEM platform IAM and onboarded the full application portfolio to MFA and SSO, reducing standing privilege exposure and increasing user identity assurance enterprise-wide.
  • 4. Assessed organizational security posture at the network level by evaluating the effectiveness of existing cybersecurity controls, identifying gaps and supporting remediation prioritization.
  • 5. Operated at the intersection of Cyber Incident Management and Threat & Vulnerability Management teams and partnered with the IAM Onboarding Team to structure JML (Joiners, Movers, and Leavers) data, enabling coordinated threat response and efficient access lifecycle management.
  • 6. Served as Cybersecurity SME across a broad range of tools and services, providing expertise to support secure operations and informed decision-making.
Presentations · Windows Administration · Amazon Web Services (AWS) · Technical Proficiency · Role-Based Access Control (RBAC) · Azure Data Lake · +15

Security Operation Center (SOC) Engineer - Intern

Aug 2019 – Jun 2020 · 10 mos

  • Supported cybersecurity operations and detection engineering efforts while developing hands-on expertise across security tools, processes, and team workflows.
  • 1. Assisted in securely deploying new cybersecurity tools and solutions, expanding the organization's security capabilities during onboarding and integration phases.
  • 2. Contributed to detection logic and automation requirement-gathering by collaborating with cybersecurity teams, helping translate operational needs into actionable technical specifications.
  • 3. Applied cybersecurity knowledge across a range of tools and services, building foundational SME expertise while supporting day-to-day security operations.
Windows Administration · Cloud Computing · Technical Proficiency · Role-Based Access Control (RBAC) · Cybersecurity · Splunk Enterprise Security · +10

Education

Vellore Institute of Technology

Master of Computer Applications - MCA — Computer Science

Jan 2018 – Jan 2020

Kalyani Mahavidyalaya

Bachelor's degree — Computer Science

Jan 2015 – Jan 2018

Kanchrapara Harnett English Medium School

12th — Science

Jan 2014 – Jan 2015

Kanchrapara Harnett English Medium School

10th — Science

Jan 2012 – Jan 2013
