AMRUTH KUMAR A

• Served as the primary point of contact for multiple clients, managing end-to-end security operations, and ensuring effective coordination between stakeholders and SOC teams.
• Designed and deployed MITRE ATT&CK–mapped detection rules across SIEM platforms, improving detection coverage for advanced TTPs.
• Led end-to-end incident response as the escalation point for high-severity incidents, coordinating with the SOC, IR, cloud, and infrastructure teams.
• Managed device and log source onboarding/offboarding within the SIEM platform, including proactive monitoring and troubleshooting of log flow, and log ingestion issues, to ensure uninterrupted security visibility.
• Automated security alerts, developed interactive dashboards, and generated customized security reports to deliver actionable insights, and improve operational efficiency.
• Prepared and presented detailed daily, weekly, monthly, and quarterly security performance reports to clients, summarizing key operational and threat metrics.
• Conducted proactive threat hunting across endpoints, networks, and cloud telemetry, identifying previously undetected attack patterns.
• Led root cause analysis (RCA) for major incidents, driving lessons learned, and implementing detection enhancement plans to prevent recurrence.
• Developed and standardized SOC standard operating procedures (SOPs) and investigation playbooks, enhancing response consistency and operational efficiency.

• Developed and maintained advanced SIEM detection rules, content aligned with MITRE ATT&CK techniques.
• Built detections for rule-based and behavior-based detection policies using UEBA (User and Entity Behavior Analytics), with platform-specific query languages.
• Actively engaged in P1 incident management, coordinating with key stakeholders to assess activities, determine legitimacy, and achieve effective resolution.
• Participated as a member of the Detection Engineering Team. Accurately and rapidly respond to security incidents, as assigned by the Incident Handler.
• Proactively contributed to the tuning and development of security information and event monitoring systems (SIEM) use cases, and other security control configurations, to enhance threat detection capabilities.
• Created investigation playbooks, SOPs, and JIRA-based workflows to support SOC analysts.

• Provided 24/7 SOC monitoring using Splunk.
• Performed alert triage, log analysis, and incident escalation.
• Created and optimized SIEM use cases to detect suspicious and malicious behavior.
• Investigated complex security alerts by correlating logs across cloud, endpoint, and network sources.
• Delivered root cause analysis and incident reports to internal stakeholders.
• Developed SOC playbooks and phishing response procedures to improve response times.
• Worked on the ticketing tool, ServiceNow.

Declaration

I do hereby declare that all the above-furnished information and particulars are true to the best of my knowledge and belief.