Experience & Education
Nearly two years of enterprise security operations in a SEBI- and RBI-regulated financial services environment — first owning Data Loss Prevention and Privileged Access Management operations, then moving into the CSIRT for SIEM monitoring, incident response, and threat hunting.
Master of Science in Cybersecurity
Bachelor of Computer Applications
Cyber Security Analyst — Monitoring & Incident Response (CSIRT)
SIEM Monitoring & Incident Response
- Monitored and triaged security alerts in real time across QRadar SIEM, SentinelOne EDR, Darktrace NDR, FortiAnalyzer, McAfee IDS/IPS, and WAF — processing 150+ weekly events for severity, confidence, and business impact.
- Investigated incidents across the full lifecycle (investigation, containment, eradication, recovery, post-incident review) — including malware execution, unauthorized access, anomalous data transfers, phishing, and lateral movement over RDP, SSH, and SMB.
- Provided SIEM tuning recommendations that reduced false-positive alert volume by over 30% and improved MTTD/MTTR to a ~6-hour average for low/medium-severity events.
Threat Hunting, Playbooks & Threat Intelligence
- Hunted proactively across EDR telemetry, SIEM alerts, and network traffic — identified Lenovo endpoints exposing unsecured wireless hotspots, mapped findings to MITRE ATT&CK, and drove an organization-wide GPO remediation.
- Prepared and maintained incident response playbooks and runbooks covering malware, unauthorized access, phishing, lateral movement, and anomalous data transfers; participated in tabletop exercises (TTX).
- Monitored threat intelligence from CERT-In, SEBI, and RBI advisories plus CloudSEK XVigil and VirusTotal, coordinating IOC distribution to security devices across the infrastructure.
- Administered the SentinelOne EDR platform (USB device monitoring, allow/block lists, business-unit segmentation) and WAF (application onboarding, certificate management, log investigation for injection patterns).
Cyber Security Analyst — Security Operations (DLP & PAM)
Privileged Access Management (PAM) Operations
- Owned CyberArk PAM operations organization-wide — 312 user licenses across the full access lifecycle: provisioning, session monitoring, MFA enforcement, keystroke logging, and de-provisioning — as part of a 3-member IAM team.
- Led the CyberArk Centralized Password Manager (CPM) implementation end to end, from business case through production deployment, presenting outcomes to C-suite leadership (CISO, CTO, CCO, CPO).
- Designed and deployed a load-balanced jump server architecture routing sessions by server utilization; onboarded additional PSM servers and integrated thick clients including PL/SQL and pgAdmin.
- Automated stale privileged account removal (inactive 7+ days) with PowerShell to reduce attack surface and optimize licensing; automated security log migration to a dedicated NAS.
DLP Operations, Compliance & Governance
- Overhauled Symantec DLP policy architecture — replaced broad business-unit groupings with granular sender/recipient profiles and strict transfer thresholds, closing gaps that had allowed unauthorized data movement to go undetected across email, USB, and network upload channels.
- Led the SEBI compliance audit representing PAM and DLP functions across the full audit lifecycle — evidence gathering, control mapping, findings documentation, and presentation to C-suite leadership.
- Achieved a 12-minute data center to disaster recovery (DC–DR) switchover with complete data replication — the fastest on record — validating continuity controls through live testing.
- Processed daily security approvals (access requests, SFTP, firewall rule changes, shared folder permissions) and performed daily health checks across 24+ servers spanning primary DC, near-DR, and far-DR environments.
Formally recognized by the CISO with a certificate of appreciation for contributions to cybersecurity operations and the firm's security awareness program.
Earned recognition from C-suite leadership (CISO, CTO, CCO, CPO) for leading the SEBI compliance audit representing PAM and DLP functions.
Selected as one of 22 organization-wide ambassadors for the Great Place to Work initiative (May 2023 – July 2024).
TryHackMe Top 5% global ranking through ongoing hands-on offensive and defensive labs.