Experience

Security Architecture · Detection Engineering · Cloud Incident Response · Threat Intelligence Automation

Lead Security Engineer

Payatu — Gurugram, HR

May 2025 – Present

Microsoft SentinelDefenderIntunePurviewWazuhAzurePythonKQLOTXVirusTotal

›Built end-to-end threat intelligence automation aggregating 50+ RSS sources with auto-categorization and full-text search, reducing manual triage by 70–80%.
›Automated IOC enrichment (IPs, domains, hashes) using AlienVault OTX and VirusTotal with concurrent scoring for faster SOC/IR investigations.
›Developed bulk domain intelligence tooling and large-scale website snapshot → PDF reporting for DFIR evidence documentation.
›Implemented Microsoft Teams → Azure Logic Apps → SharePoint workflows enabling near real-time advisory reporting.
›Led multiple fintech security engagements spanning data protection, detection engineering, IR, and SOC enablement.
›Developed MSRPC-specific alerts to identify unauthorized access attempts, reducing missed detections by 20%.
›Delivered Microsoft Purview DLP across ~400 endpoints and 15+ data sources with 10+ custom SITs and 25+ DLP policies, improving classification accuracy by ~40% and reducing business-impacting violations by ~30%.
›Deployed Defender, Intune, and Wazuh with 30+ security/compliance policies achieving 95% endpoint compliance.
›Built 30+ MITRE ATT&CK-mapped Sentinel queries improving detection coverage by ~30%.
›Led active breach response reducing MTTC by ~35%.
›Designed full incident management program including severity models, escalation matrices, and playbooks (~40% SOC readiness improvement).
›Delivered audit-ready artifacts enabling 100% closure of data protection and incident response audit observations.

Cloud Incident Response Engineer

Coralogix — Gurugram, HR

Sep 2024 – May 2025

Cloud Detection EngineeringIAM SecurityAutomated ContainmentCloud IR

›Reduced MTTD by 40% by engineering detections across CloudTrail, IAM, and VPC telemetry.
›Decreased MTTR by 35% via automated containment playbooks isolating compromised IAM identities.
›Led end-to-end response for high-severity IAM compromise and storage exposure incidents.
›Enforced least-privilege IAM guardrails improving cloud posture by 25%.
›Built 30+ MITRE ATT&CK (Cloud) use cases reducing false positives by 30%.

Insider Threat Management Officer

Bank of America — Gurugram, HR

Sep 2023 – Sep 2024

Insider Threat DetectionDLPThreat IntelligenceMonitoring Engineering

›Implemented alerts detecting DNS/HTTPS-based exfiltration.
›Built password spray long-duration detection logic.
›Created detection for Windows tampering and steganography tools.
›Reduced insider incidents by 25% via threat intelligence integration.
›Reduced IR time by 30% through playbooks & runbooks.
›Reduced false positives by 15%.
›Created SOPs for stakeholder escalation and control engagement.

Cyber Security Analyst

Bank of America — Gurugram, HR

Sep 2021 – Aug 2023

›Monitored malicious activity and blocked high-risk IPs/domains.
›Prevented data exfiltration by banning access for 7,000+ users.
›Proactively blocked high-risk domains with high data exfiltration risk.

Graduate Engineer Trainee

CRMNext — Mumbai, MH

April 2021 – Aug 2021

›Managed CRM systems improving data accuracy, leading to 15% increase in customer satisfaction.
›Designed email campaigns achieving 20% increase in open rates.
›Led CRM migrations with minimal business disruption.

Analyst — Detection & Response

April 2019 – Mar 2021

›Designed and tuned EDM/regex-based DLP detection policies.
›Reduced false positives and improved analyst triage efficiency.
›Conducted periodic DLP policy reviews and user guidance.