Dhanush Gokul P

Senior Cybersecurity Engineer – Endpoint Security.

Global Enterprise Customer | Jul 2021 – Till now

• Owned and enforced enterprise endpoint and identity security controls across SEP, Microsoft Defender (MDE & MDAV), BitLocker, EOP, MDCA, and Defender for Identity, continuously strengthening security posture and driving endpoint compliance to approximately 99%.
• Led and managed multiple major security incidents (P1/P2) over several years, owning investigation, containment, remediation, and post-incident hardening while coordinating across security, infrastructure, and platform teams.
• Investigated and contained recurring phishing campaigns, designed preventive email security controls using Exchange Online Protection and Valimail, and enforced SPF, DKIM, and DMARC to reduce spoofing and phishing recurrence.

Endpoint Detection, Engineering, and Migrations:

• Led endpoint security migrations and platform transitions, including MMA to unified MDE agents, SEP to MDAV, and onboarding of Windows and Linux systems into Microsoft Defender to improve telemetry consistency and detection coverage.
• Collaborated with cross-functional teams to enhance overall security posture.
• Monitored security incidents and responded promptly to mitigate potential breaches.
• Evaluated emerging technologies to improve cybersecurity measures and tools used.
• Documented security policies and procedures for compliance with industry standards.
• Investigated any violations or irregularities reported by users regarding unauthorized access attempts or malware infections.
• Monitored compliance with established security policies and procedures by conducting audits regularly.
• Provided technical support related to security product installation and use.
• Monitored systems for indications of threats, security breaches or intrusions.
• Evaluated performance indicators to assess security control quality.
• Performed deep Microsoft Defender troubleshooting, resolving onboarding failures, sensor health issues, telemetry gaps, connectivity problems, and detection inconsistencies in live production environments.
• Developed KQL-based Advanced Hunting queries and custom detection logic to identify suspicious process execution, abnormal authentication behavior, lateral movement indicators, and emerging endpoint threats.

BitLocker, Identity, and Cloud App Security:

• Drove BitLocker hardening and encryption reliability, enforcing stronger cryptographic algorithms, resolving key escrow and recovery issues, and closing encryption compliance gaps.
• Achieved and sustained full Defender for Identity (MDI) coverage, proactively identifying non-reporting Domain Controllers, and resolving sensor, health, and connectivity issues.
• Analyzed MDI alerts and identity-based attack indicators, supporting investigation and containment during security incidents.
• Implemented Microsoft Defender for Cloud Apps (MDCA) policies to monitor risky cloud application usage and enforce governance controls over unsanctioned SaaS access.

Automation, Platform Engineering, and Upgrades:

• Designed and implemented security automation for SEP operations and compliance reporting, eliminating repetitive manual workflows, and improving operational reliability.
• Enhanced SEP automation scripts to overcome native API limitations, improving scalability and operational resilience.
• Planned and executed SEPM upgrades and platform migrations in production environments, including validation, cleanup, and legacy decommissioning.

Technical Leadership:

• Acted as a senior escalation point for L3 endpoint and identity security issues, mentoring junior engineers, and guiding complex troubleshooting and remediation decisions.
• Authored standardized incident response SOPs and L3 troubleshooting runbooks for endpoint, email, and identity security scenarios. - Published KPI, RU, WSR, and compliance reports for AV, EDR, encryption, and identity platforms to support audits and billing.
• Drove cross-team security initiatives by resolving technical dependencies and ensuring timely implementation of security improvements.
• Collaborated with cross-functional teams to enhance cybersecurity policies and procedures.
• Monitored security alerts and responded to incidents in real-time.
• Participated in design reviews for proposed technology solutions ensuring that appropriate levels of security are incorporated into designs.
• Collaborated with internal teams such as development, engineering, QA, support staffs to ensure security best practices are followed throughout the SDLC process.