
Dhruv Sawhney

Director - Cloud Security

Summary

Meticulous information security professional with 7-plus years of experience and a passion for security operations and cloud security engineering, seeking a more challenging opportunity to help companies reach new cybersecurity standards and achieve operational goals.

Overview

8 years of professional experience
4 years of post-secondary education

Work History

Director - Cloud Engineering

Ankura Consulting Group
06.2024 - Current

Direct engineering initiatives and strategic cloud security transformations for enterprise clients, leading technical architecture and organizational cloud adoption strategies.

  • Orchestrate end-to-end cloud migrations from legacy environments to Azure, integrating data sources and building advanced analytics capabilities
  • Execute comprehensive threat hunting operations and guide clients on Microsoft security best practices (Entra ID, Defender)
  • Lead enterprise-wide cloud security protocol enhancements, ensuring regulatory compliance and industry standard adherence
  • Design and deploy service improvement programs that drive revenue growth and elevate client satisfaction metrics
  • Collaborate across business units to maintain service line integrity and optimize operational performance

Assistant Manager

Deloitte
06.2021 - 06.2024

Led specialized cloud security team, driving strategic development of cloud SOC operations while managing end-to-end service delivery and team performance.

  • Built and managed high-performing cloud security consultants team, establishing robust operational pipeline for Deloitte's cloud security practice
  • Orchestrated integration of endpoint technologies with Microsoft Sentinel, optimizing cloud SIEM architecture and data ingestion workflows
  • Executed bi-weekly threat hunting campaigns and developed comprehensive SOPs, ensuring compliance with client security requirements
  • Implemented Azure Automation and Playbooks to automate reporting processes and eliminate repetitive operational tasks
  • Delivered strategic client communications through weekly, monthly, and quarterly executive reports and managed all service deliverables
  • Managed complete talent lifecycle including goal setting, performance evaluation, feedback delivery, and candidate screening for team expansion

Consultant

Deloitte
04.2019 - 06.2021

Led L2 SOC operations across enterprise SIEM platforms (ArcSight, QRadar, Microsoft Sentinel) while providing technical guidance and ensuring regulatory compliance across departments.

  • Supervised L1 analyst operations, reviewed incident investigations, and delivered enhanced threat analysis for escalated cases
  • Developed comprehensive playbooks, SOPs, and detection rules to drive continuous platform improvements and operational efficiency
  • Conducted proactive threat hunting exercises and delivered detailed RCA reports tailored to client-specific security requirements
  • Collaborated with development teams to maintain compliance standards and optimize security architecture
  • As a consultant, the key assignments were aligned to L2 SOC operations.
  • Core operations performed on SIEMs such as ArcSight, QRadar and Microsoft Sentinel.
  • Responsible for providing technical and management guidance to all departments and working closely with development teams to ensure compliance.
  • Overseeing the tasks performed by L1s, reviewing all incidents and providing in-depth and additional analysis wherever required.
  • Providing RCAs for specific incidents and continuous platform improvements by building playbooks, SOPs and new rules, and performing threat hunts as per client requirements.
  • SIEM: ArcSight, QRadar, Microsoft Sentinel
  • Security Technologies: Microsoft Defender, Microsoft Cloud App Security, Microsoft Azure AD, Azure Security Center, Carbon Black, CrowdStrike EDR, ServiceNow
  • SOAR: Palo Alto XSOAR

Senior Analyst

HCL Technologies
06.2019 - 04.2020

Advanced to L2 role, specializing in incident resolution, root cause analysis, and threat mitigation across enterprise SIEM environments.

  • Conducted comprehensive incident investigations and delivered detailed RCA reports for critical security events
  • Implemented and troubleshot SIEM endpoints (ArcSight, LogRhythm), ensuring optimal platform performance and data ingestion
  • Developed custom detection queries and security rules to address emerging threat vectors and client-specific requirements
  • Managed escalated client communications and delivered technical reports across daily, weekly, and monthly cadences

Graduate Engineer Trainee (GET)

HCL Technologies
10.2017 - 06.2019

Monitored and triaged security alerts across multiple SIEM platforms (ArcSight, LogRhythm) while managing client requests and conducting threat analysis.

  • Delivered weekly/monthly security reports for multiple enterprise clients
  • Created custom dashboards to streamline daily reporting and improve operational efficiency
  • Provided in-depth security analysis and rapid incident response across diverse client environments

Education

Bachelor of Technology (B.Tech) - ECE

ABES IT
Uttar Pradesh, India
01.2013 - 01.2017

Skills

    Microsoft Suite

    SIEM - Microsoft Sentinel, ArcSight, QRadar, LogRhythm

    EDR - Defender XDR, CrowdStrike, Cylance, SentinelOne

    Email Technologies - Proofpoint, O365

    ITSM - ServiceNow, Redmine

    Certifications - AZ-900 and AZ-104 (Certified), CISM (Pursuing)

Timeline

Director - Cloud Engineering

Ankura Consulting Group
06.2024 - Current

Assistant Manager

Deloitte
06.2021 - 06.2024

Senior Analyst

HCL Technologies
06.2019 - 04.2020

Consultant

Deloitte
04.2019 - 06.2021

Graduate Engineer Trainee (GET)

HCL Technologies
10.2017 - 06.2019

Bachelor of Technology (B.Tech) - ECE

ABES IT
01.2013 - 01.2017