
RESUME
Summary
Senior Cybersecurity Consultant with 8+ years of experience leading SOC and IR operations, threat hunting, and detection engineering across Fortune 500 clients. Expert in SIEM/SOAR, cloud security, incident response, and security operations leadership. Proven ability to drive security improvements, automate workflows, and deliver actionable intelligence to executive leadership.
Certifications
- GIAC Cloud Threat Detection (GCTD)
- GIAC Penetration Tester (GPEN)
- Certified Ethical Hacker (CEH)
Work Experience

Senior Cybersecurity Consultant – EY (Austin, Texas)
July 2020 – August 2025
• Led a global SOC and IR team of 30 analysts across Fortune 500 clients, developing response strategies and guiding cross-functional teams through containment, eradication, and recovery.
• Served as the primary escalation point for complex incidents, leading end-to-end investigations and delivering detailed incident reports, RCA, and C-suite-level presentations.
• Led third-party security incident response and risk coordination, working with external vendors, SaaS providers, and service partners to investigate breaches, validate security controls, assess impact, and drive remediation and containment actions.
• Conducted advanced threat hunting using TTP-driven intelligence, IOC correlation, and forensic techniques across endpoint, network, and cloud.
• Engineered, tuned, and deployed high-fidelity SIEM detections, improving signal-to-noise ratio and significantly reducing false positives.
• Performed cloud-focused investigations and monitoring enhancements across AWS and Azure, integrating cloud-native telemetry with EDR/XDR insights to improve threat visibility.
• Led Purple Team exercises and simulations to emulate adversary behaviors, coordinated with Red teams to identify detection gaps mapped against the MITRE ATT&CK framework, and strengthened real-world detection coverage.
• Built and optimized SOAR playbooks and Python/API-driven automations, reducing detection-to-response time by 35% and eliminating repetitive manual workflows.
• Led DLP investigations and response efforts, correlating endpoint, network, and cloud telemetry to identify data exfiltration behaviors, contain incidents, and strengthen preventive controls across multi-cloud environments.
• Developed and executed incident response strategies, playbooks, and workflows tailored to client environments and threat profiles.
• Mentored analysts in advanced investigations, threat hunting, and response workflows, contributing to measurable improvements in SOC effectiveness and incident handling maturity.
Teaching Assistant – UTSA
September 2018 – May 2020
- Assisted students in conducting forensic investigations using tools such as FTK, Autopsy, and Volatility to analyze file system, memory, and network artifacts.
- Guided lab sessions on evidence collection, chain of custody, and forensic reporting.
- Supported projects involving browser forensics, ransomware analysis, and malware root cause analysis.
- Helped students interpret packet captures (Wireshark) and correlate findings with incident timelines.
- Guided labs on firewall configuration, IDS/IPS tuning, and SIEM log correlation (Splunk).
- Supported exercises in network traffic analysis and vulnerability scanning (Nessus, Nmap).
- Graded assignments and provided feedback on forensic case studies and lab reports.
Executive Engineer – Vodafone Shared Services India
July 2016 – July 2018
- Monitored and triaged 50–100 Unix and network security alert tickets daily within the team, ensuring SLA compliance and timely escalation of critical incidents.
- Authored and maintained Standard Operating Procedures (SOPs) to standardize incident handling and alert response, improving team efficiency and onboarding effectiveness.
- Collaborated with senior engineers to perform root cause analysis and implement preventive measures for recurring system and security issues.
- Supported cross-functional initiatives as project lead for alert management optimization, coordinating small security teams to improve detection accuracy, workflow automation, and escalation protocols.
- Strengthened leadership skills by mentoring junior analysts, driving knowledge sharing, and ensuring alignment with operational and security objectives.
Unix Administrator – Mphasis Ltd.
November 2015 – July 2016
- Monitored OS and hardware alerts (200–300 daily) from clients' Unix, Windows, and VMware servers.
- Handled Severity-1 and Severity-2 bridge calls daily and maintained SLAs for critical issues.
- Assisted in creating runbooks and standard operating procedures (SOPs) for incident handling.
Skills
· Threat Detection & IR: SOC, Incident Response, Malware Triage, Incident Coordination and Escalation Management, Threat Hunting, Detection Engineering, Purple Teaming
· Networking & Tools: TCP/IP, Wireshark, Metasploit, Burp Suite, Nessus, Nmap, Fidelis NSM, FTK, Autopsy, Volatility
· Programming, Scripting & DevOps: Python, PowerShell, KQL, SQL, GitHub, CI/CD, Docker, Kubernetes
· SIEM & SOAR: Splunk ES, Azure Sentinel, SOAR Playbooks
· Endpoint Security (EDR/XDR/NDR): CrowdStrike, Carbon Black, Microsoft Defender, Fidelis EDR
· Cloud Security: AWS, Azure, Wiz CSPM, Orca
· Other: Project Management, IT Risk Management, Executive Reporting, Mentorship and Coaching
Education

The University of Texas at San Antonio
2018 - 2020
Master of Science in Information Technology and Cyber Security
Savitribai Phule Pune University, K J College of Engineering and Management Research
2010 - 2014
Bachelor of Computer Engineering
Activities & Honors
- EY Bravo awards for stepping up in client initiatives, rising to the challenge of taking on the Operations lead role, maintaining solid client relationships, and being a team player.
- Recognized for Exemplary Performance by the Team Manager and Vice President at Mphasis Pvt Ltd.
- Completed training on AWS Monitoring, CI/CD, and Deployment with Developer Tools by LearnkartS.
- Completed the AI for Everyone course by DeepLearning.AI.
- Completed SANS SEC541: Cloud Threat Detection and Response training.
- Winner of the SANS SEC560 CTF exercise; received a SANS coin.
- Completed PentesterLab's Essential training (PTLE0768).
- Completed Cybrary's Web Application Penetration Testing course.