Professional Experience
My journey through cybersecurity, from foundational IT support to leading enterprise incident response teams.
Experience Timeline
Deloitte (Current)
Jan 2023 – Present
Sophos
Nov 2020 – Jan 2023
eClinicalWorks
Jul 2018 – Nov 2020
Deputy Manager – CSIRT
Deloitte
Key Achievements
Enterprise Incident Response Leadership
Operated in a high-pressure CSIRT environment, managing enterprise-scale incident response for ransomware outbreaks, Cobalt Strike intrusions, command-and-control (C2) callbacks, and suspicious persistence mechanisms.
Advanced Forensic Analysis
Performed end-to-end forensic investigations, acquiring memory dumps, analyzing Master File Table (MFT), parsing shell artifacts, and extracting volatile indicators to determine root cause and threat actor behavior.
Detection Engineering Excellence
Led reverse engineering of malware payloads (obfuscated DLLs, PE files, and encrypted scripts) using disassemblers and emulation tools, enabling early-stage detection of custom malware and LOLBin abuse.
Threat Detection & Containment
Built and refined detection rules (EDR + SIEM), optimizing telemetry logic to detect rare behaviors like token impersonation, parent-child process anomalies, and native API misuse.
SOAR & Automation
Automated containment and recovery workflows using SOAR (XSOAR Cortex), reducing time-to-response (MTTR) for critical alerts across the enterprise.
Playbook Development
Drafted enterprise-wide SOPs and playbooks for incidents involving web shell exploitation, lateral movement, credential theft, and cloud-native attacks (Azure/AWS).
Team Development & Mentorship
Mentored L1 analysts and junior responders through ransomware simulations, real-time triage exercises, and forensic case studies, driving a 92% improvement in detection precision.
AI & ML Integration
Integrated OpenAI APIs to develop early-stage threat narrative classification models, automating contextual alert analysis and tagging within SOC workflows.
Decryption Research
Actively contributed to ransomware decryption research, integrating YARA-based scanning logic for novel strains and deploying resilient backup validation methods.
Advanced Detection Engineering
Helped tune detection logic for ransomware and other threats, and created custom detection logic on Splunk and MDE using KQL.
Threat Hunting & Detection
Worked closely with iBoss, Zscaler, and Cisco Stealthwatch telemetry for east-west traffic inspection, DLP monitoring, and anomaly detection.
Total Achievements
11 major accomplishments with significant business impact