My work experiences across different companies and roles.
May 2026 - Present
India
• Architected and deployed a production-grade Microsoft Sentinel SIEM + SOAR environment for real-time threat detection and automated response.
• Engineered advanced KQL analytics rules including brute-force detection with high-fidelity alerting.
• Developed and integrated custom Logic Apps playbooks triggered via Automation Rules for account, source IP, host, and timestamp enrichment.
• Configured enterprise logging infrastructure using Azure Monitor Agent, custom DCRs, Syslog, and system logs.
• Implemented full SOC workflow: log ingestion → real-time KQL detection → incident creation → automated SOAR response.
• Conducted extensive testing, tuning, and documentation of detection rules, playbooks, and runbooks for production readiness.
January 2023 - Present
India
• Completed TryHackMe premium defensive security path with advanced modules in alert triage, threat hunting, incident response, and purple-team simulations.
• Developed multiple Python-based automation frameworks for log parsing, behavioral anomaly detection, phishing email analysis, and security orchestration.
• Built and maintained client-side security tools focused on digital forensics, malware analysis support, and OSINT collection for threat intelligence.
• Performed regular threat-hunting exercises using the MITRE ATT&CK framework and custom detection logic across simulated environments.
Engineered by Pulkit Rai
© 2026. All rights reserved.