Security Analyst at NTT Data (2025-02 – Present)
Security analyst focused on detection engineering, threat hunting, and SOAR automation in hybrid MSSP environments.
- Tuned 20+ KQL detection rules in Microsoft Sentinel and refined additional AQL rules in IBM QRadar across two hybrid MSSP environments, cutting generic false positives by 25% and eliminating 100% of false positives on environment-specific rules.
- Triaged and investigated 4,000+ offenses/Incidents across malware, phishing, and identity-based threats, delivering forensic analysis that supported containment and remediation decisions.
- Architected Azure Logic Apps SOAR playbooks that auto-enrich alerts with post-detection analysis notes and auto-close offenses from expected entities or benign events, reducing analyst initial-analysis time and removing recurring noise from the queue.
- Hunted stealthy attacker behaviors across endpoint and network telemetry, closing MITRE ATT&CK-mapped detection gaps and feeding findings back into the use-case library.
- Tuned CrowdStrike IOA exclusions, sensor policies, and Zscaler URL-filtering rules to suppress noisy alerts while preserving 100% detection fidelity on high-severity incidents.
Security Engineer at Capgemini (2023-02 – 2025-01)
Security engineer specializing in detection engineering, log automation, and threat hunting across IBM QRadar SIEM platform.
- Built 3 new AQL offense rules from scratch and tuned 20+ existing rules in IBM QRadar, aligning detections to MITRE ATT&CK techniques and translating adversary TTPs into real-time alerts.
- Automated log-source and investigation reporting with Python, reducing manual report prep from 2–3 hours to 8 minutes (95% time reduction) for 11 SOC analysts; extended with Streamlit dashboards fed by Jira API to surface offense trends and SOC KPIs for leadership.
- Hunted across historical log data to surface signature-evading attacker activity, feeding new detections back into the use-case library and supporting SOC audit readiness.