J. METHMAL

Experience

A career built inside live security operations

From a security operations internship in Sri Lanka to remote incident response for a US-based MSSP — every role has added a new layer of operational depth across banking, healthcare, and pharmaceutical clients.

Incident Response Analyst

Armature Systems

Apr 2026 — Present

Remote · USA-based MSSP

Current

Working remotely with a US-based Managed Security Services Provider, investigating and responding to security incidents and supporting alert tuning across pharmaceutical, biopharmaceutical, healthcare, and enterprise client environments.

  • Provide security operations and monitoring support across multiple client environments, covering endpoint, identity, email, and network security telemetry.
  • Investigate, triage, and respond to security incidents — reducing false positives and driving alerts to resolution within client SLAs.
  • Review alerts across SentinelOne, CrowdStrike Falcon, Cortex XDR, Microsoft Defender, and Microsoft Sentinel, recommending tuning and exclusions to cut down noise.
  • Currently building out a structured process for alert-exclusion review and Tines automation workflow creation to streamline triage and response across client SOCs.
  • Support identity, email, and network security investigations across Okta, Abnormal Security, Zscaler, and Google Workspace.
  • Manage operational workflows and incident tracking in Jira for client environments.
  • Partner directly with clients in highly regulated industries to recommend security process improvements and operational efficiencies.
Incident Response · Detection Engineering · Security Automation · Identity & Access Security · MSSP Operations
SentinelOne · CrowdStrike Falcon · Cortex XDR · Microsoft Defender · Microsoft Sentinel · Okta · Abnormal Security · Zscaler · Google Workspace Security · Tines

Engineer – IT Security

Commercial Bank of Ceylon PLC

Aug 2025 — Apr 2026

Sri Lanka · On-site

Operated at the core of the bank's security operations, owning detection engineering inside Cortex XSIAM and leading incident response across critical banking infrastructure.

  • Monitored and managed Cortex XSIAM by onboarding log sources, creating fine-tuned detection rules, automating defenses, and conducting threat hunting to ensure timely remediation.
  • Collaborated with Mandiant on a Compromise Assessment, deploying forensic artifact collection agents across 9,000+ devices including servers, endpoints, ATMs, and CRMs.
  • Triaged and responded to incidents, ensuring timely containment and remediation across the bank's infrastructure.
  • Collaborated with cross-functional teams to mitigate risks, document incidents and lessons learned, and strengthen the organization's security posture.
Detection Engineering · Incident Response · Compromise Assessment · Threat Hunting
Cortex XSIAM · Mandiant Forensic Tooling · MITRE ATT&CK

Associate Analyst – Managed Security Services

MillenniumIT ESP

Sep 2024 — Aug 2025

Sri Lanka · On-site

Worked inside a 24/7 SOC defending multiple client environments, while leading security operations for a flagship healthcare and consumer conglomerate client.

  • Executed incident response in a 24/7 SOC to safeguard organizational information security, adhering to client SLAs.
  • Collaborated with Security Operations and support teams to monitor, triage, and escalate security alerts across on-premises, AWS, and Azure environments.
  • Maintained incident records and produced detailed client reports, ensuring critical data availability for uninterrupted operations.
  • Enhanced detection accuracy by collaborating on use case development and SIEM/EDR optimizations.
  • Served as Project Lead for a flagship client within a consumer and healthcare-focused conglomerate.
Incident Response · Threat Intelligence · Cloud Security · Malware Detection · Vulnerability Mgmt
FortiSIEM · CrowdStrike EDR · AlienVault USM Anywhere · The Hive · Microsoft Sentinel · NetScout Arbor · SentinelOne EDR · Microsoft Defender XDR · IBM QRadar

Intern – Managed Security Services

MillenniumIT ESP

May 2024 — Oct 2024

Sri Lanka · On-site

Entry point into managed security services — building the fundamentals of SOC monitoring, vulnerability management, and security reporting.

  • Supported the SOC with incident monitoring, threat and vulnerability management, and daily security reporting.
  • Analyzed and responded to security incidents, honing skills in incident response and threat intelligence.
Incident Management · Reporting & Documentation

Intern – Managed Security Services

eBuilder Security

Jul 2023 — Oct 2023

Sri Lanka · On-site

First exposure to professional security operations — spanning project management, incident handling, AWS administration, and offensive security awareness work.

  • Conducted cybersecurity project management (Basecamp), handled incidents (Jira, TOPdesk), administered AWS, and performed social engineering (OSINT) and phishing simulations.
  • Delivered security awareness training and supported AWS administration for secure infrastructure management.
Project Management · Social Engineering · Security Awareness

Open to security research collaborations & freelance engineering work

Let's strengthen your security posture — or build something new.

Whether it's detection engineering, a compromise assessment, or a full-stack build — I'm always glad to talk shop.