
Staff Threat Research Engineer | Detection Engineering | Malware Research | Threat Research
Dear Hiring Manager,
My name is Ravi Prakash Mishra, and I am currently available as an immediate joiner. I bring 17+ years of experience in cybersecurity, with deep expertise across threat research, detection engineering, malware analysis, and security engineering, along with proven leadership experience in building and supporting security products.
Throughout my career, I have worked extensively in detection engineering, reverse engineering, incident response, and endpoint security, applying frameworks such as MITRE ATT&CK to drive effective threat modeling, threat hunting, and intelligence-led detections. I have strong hands-on experience with malware analysis, log analytics, threat intelligence, and large-scale security operations, enabling me to design high-fidelity detections and respond effectively to advanced threats.
In addition to my technical depth, I have led and collaborated with cross-functional teams, contributing to the design, improvement, and scaling of security products and detection capabilities. I enjoy mentoring teams, improving processes, and aligning security outcomes with business objectives.
Please review my attached resume for further details. I am open to discussing this role or any other opportunities where my background could add value.
Thank you very much for your time and consideration. I look forward to the possibility of discussing this further.
Sincerely,
Cybersecurity | Threat Research | Detection Engineering
(Carbon Black by Broadcom)
mishra0230@gmail.com
+91-8879763068
https://www.linkedin.com/in/ravi-prakash-mishra-aa592647/
Staff Threat Research Engineer | Dec 2020 – Dec 2025
Pune, Maharashtra, India
Led detection engineering for enterprise-scale EDR/EEDR platforms, authoring high-fidelity behaviour-based detections resistant to evasion.
Applied deep expertise in Windows Internals (ETW, AMSI, WMI) to design reliable telemetry and detection logic using frameworks such as DRE, DRE-C, BPE AMSI, YARA, KQL, EQL.
Influenced VMware Carbon Black EDR product architecture and platform roadmaps by translating emerging attack techniques into scalable security capabilities.
Owned MITRE ATT&CK Evaluations, AV-Test, and SE Labs gap analysis and remediation, improving detection efficacy and benchmark results.
Acted as primary participant in Microsoft Active Protections Program (MAPP), operationalizing pre-release vulnerability intelligence for zero-day protection.
Implemented CI/CD pipelines using GitHub Actions for automated, controlled deployment of detection content.
Served as senior escalation point for high-severity production incidents, conducting root-cause analysis and long-term risk remediation.
Authored threat research reports and technical blogs on ransomware, trending malware and advanced malware campaigns.
Improved overall detection coverage by ~40% while maintaining platform performance.
Built a hybrid reputation scoring engine integrating internal telemetry with third-party threat intelligence to enable real-time EDR decisions and reduce false positives by 30%.
Write/update EDR hunting (watch-list) queries on specified events to gather more intel and generate alerts.
Extract IOAs and use the resulting data to create detection models and a knowledge base for detecting similar activity.
Participate in threat analysis to correlate and attribute malware to threat actors.
Perform forensic analysis of Windows systems to identify compromise artefacts.
Advanced Threat Protection Test (ATP)
Identify detection gaps in Advanced Threat Protection (MITRE ATT&CK) tests conducted by third-party testers.
Monitor the latest attack patterns and create detection rules.
Engage with team members to ensure each attack is properly reproduced for analysis and detection rule writing.
Update detection coverage documentation with detailed information on the TTPs involved.
Create simulation steps and environments for the live test.
Validate all test scenarios (TTPs / exploitation frameworks) before participating in third-party tests.
Microsoft Active Protections Program (MAPP)
Add rules for critical vulnerabilities within the required time frames, and also create rules for optional vulnerabilities.
Detect and prevent exploitation of zero-day vulnerabilities as far as possible.
Work towards continuously improving vulnerability detection success results.
Sequretek IT Solutions Pvt. Ltd.
Team Lead | Aug 2016 – Nov 2020
Mumbai, Maharashtra, India
Strategic Leadership: Served as the primary technical authority for endpoint agent design, successfully balancing high-fidelity detection with optimal system performance.
Team Management: Directed a cross-functional team of malware analysts and engineers, fostering accountability and a 40% increase in proactive detection coverage through a structured Threat Hunting program.
Architecture & Design: Oversaw the creation of Control and Information Architecture Diagrams (CIAD) to ensure engineering alignment and product clarity.
Advanced Malware Research: Led initiatives for static and dynamic analysis across diverse formats (VBS, PowerShell, Python, PHP), driving continuous improvements to detection engines.
Machine Learning Strategy: Managed the development of ML-based malware detection methods, aligning model outputs with evolving threat trends and product requirements.
Performance Optimization: Reduced false positives by 30% through the implementation of automated triage workflows and rigorous rule tuning.
Competitive Analysis: Evaluated competitor technologies to identify threat gaps, presenting actionable differentiators to executive leadership.
Red Team Simulations: Supervised red-team style evaluations to bypass anti-malware engines, utilizing findings to harden product defences against advanced evasion techniques.
Third-Party Benchmarking: Managed relationships with organizations such as AV-Test, AV-Comparatives, and Gartner, handling dispute resolution and improving product scores.
Mentorship & KPIs: Established team Key Performance Indicators (KPIs), operational dashboards, and a 1:1 coaching cadence to drive continuous skill growth.
63moons Technologies
Senior Software Engineer – Security | Jun 2015 – Aug 2016
Mumbai, Maharashtra, India
Email Security: Designed and tuned email security detections using sandbox verdicts (Cuckoo, Joe Sandbox) and URL/attachment behavior analysis.
Vulnerability Assessment: Conducted assessments across email infrastructure and authored mitigation rules based on vendor advisories.
Threat Modeling: Coordinated with developers to perform code reviews and architectural security assessments.
Sophos Inc.
Senior Security Engineer | Feb 2015 – Jun 2015
Ahmedabad, Gujarat, India
Threat Research: Specialized in email forensics and real-time spam analysis to identify cybercriminal tactics.
Malware Neutralization: Performed unpacking and de-obfuscation of Windows-based malware samples to extract IOCs.
Email Security: Designed and tuned email security detections using sandbox verdicts and URL/attachment behaviour analysis.
Designed, implemented, and managed enterprise email security controls to protect against phishing, malware, spam, and business email compromise (BEC).
Administered secure email gateways, enforcing anti-phishing, anti-malware, and content filtering policies across global users.
Advanced Malware Research: Led initiatives for static and dynamic analysis across diverse formats (VBS, PowerShell, Python, PHP), driving continuous improvements to detection engines.
Senior Software Engineer | Nov 2012 – Feb 2015
Mumbai, Maharashtra, India
Secure Development: Developed code aligned with product security requirements and performed threat modeling as part of the SDLC.
Risk Assessment: Coordinated security risk assessments for new products and researched secure coding best practices.
Email Security: Designed and tuned email security detections using sandbox verdicts and URL/attachment behavior analysis.
Malware Analyst | Jan 2011 – Nov 2012
Detection Engineering & Malware Research
Pune, Maharashtra, India
Multi-Platform Analysis: Perform deep static and dynamic analysis to neutralize complex malware threats across Windows, Linux, and Android ecosystems.
Behavioural Detection: Research and develop advanced algorithms and heuristic methods to improve detection rates for zero-day threats.
Signature & Rule Development: Author high-fidelity malware definitions and behavioural signatures, ensuring rapid identification and containment.
Documentation: Produce detailed technical malware descriptions, outlining infection vectors, persistence mechanisms, and identification parameters.
Product Architecture & Development
Core Engine Development: Architected and developed core components for Enterprise Endpoint Security (EDR/AV) platforms, focusing on performance and scalability.
Custom Tooling: Designed and built proprietary tools for runtime behaviour analysis and automated malware processing to streamline the research pipeline.
Sandbox Orchestration: Built and maintained sophisticated sandbox/lab environments for safe execution and evaluation of malicious code.
Efficacy & Operational Excellence
Efficacy Testing: Conducted comprehensive product benchmarking, including Real-World, Exploit, and Email testing to measure and improve protection layers.
Incident Forensics: Performed detailed Windows forensic analysis to identify artefacts of compromise and map attacker movement.
Quality Assurance: Managed False Positive/Negative (FP/FN) reduction strategies and provided Tier 3 technical support for complex, unresolved security incidents.
Leadership & Mentorship
Team Enablement: Lead technical training and onboarding programs for new engineers and junior researchers, fostering a culture of continuous learning.
Cross-Functional Collaboration: Partnered with support teams to resolve critical customer issues and translated field data into product improvements.
Software Engineer | Aug 2010 – Jan 2011
Pune, Maharashtra, India
Security by Design: Integrated security principles into financial applications, focusing on encryption and access controls.
Backup & Recovery: Designed secure data replication and recovery solutions, ensuring data integrity during failure scenarios.
Software Engineer | Sep 2008 – Feb 2010
Delhi, India
Full-Lifecycle Development: Managed the end-to-end SDLC by translating complex Business Requirement Specifications (BRS) into high-performance code and scalable architectural designs.
Technical Documentation: Authored and maintained comprehensive technical documentation and BRS updates to ensure alignment between stakeholder requirements and engineering execution.
Requirement Analysis: Collaborated with cross-functional teams to dissect project requirements, ensuring 100% alignment between initial scope and final deliverables.
Post Graduate Diploma – System Software Development | C-DAC ACTS Pune | Mar 2010 – Aug 2010
B.Tech – Computer Science & Information Technology | MJP Rohilkhand University, IN | Jul 2003 – Jun 2007