SOC Technical Lead

• Leading a 20+ member cybersecurity team, driving incident response, threat hunting, and security automation with tools like Microsoft Defender, Azure Sentinel, Sentinel One, and RSA Net Witness
• Optimizing security monitoring and threat detection by configuring and managing Azure Sentinel connectors, workbooks, playbooks, and KQL queries for threat detection, and incident response
• Integrated Microsoft Defender for Endpoint, Office 365, Identity, Cloud Apps with Azure Sentinel for centralized threat response, with automated remediation
• Designing and implementing SIEM dashboards on Splunk, Azure Sentinel, Netwitness to provide real-time monitoring, incident tracking, reduce manual effort, and improve operational efficiency
• Leveraging External threat intelligence feeds such as MISP, ThreatConnect, and FireEye to enhance Threat Hunting accuracy and proactive defence strategies
• Developing and fine-tuning SIEM detection logic and refining analytics rules and correlation strategies to minimize false positives, enhance threat detection and improve response efficiency
• Driving continuous security improvements by reviewing and optimizing analytics rules, playbooks, and workbooks quarterly, boosting SOC performance by 15%
• Automated high-fidelity alert containment using Azure Logic Apps, reducing response time by 30%

Achievements:

• Optimized SIEM rules & correlation log cutting false positives by 40%, improving SOC efficiency
• Automated threat containment with playbooks, reducing manual triaging effort by 30%

• Managed security solutions, deploying and monitoring firewalls and proxy (Checkpoint, Palo Alto, Cisco ASA, Zscaler) for global network security
• Conducted root cause analysis for security incidents and recommended risk mitigation measures
• Monitored customer network traffic and logs from various sources (e.g., firewalls, IDS/IPS, cloud platforms) to detect and mitigate potential threats