Sabari Rajan K
Lead Cybersecurity Engineer
Bangalore,KA
Summary
Cybersecurity Security Lead with about 12 years of experience. Working as an SOC lead delivering security services
Overview
13
13
years of professional experience
Work History
L3 Lead
McAfee India private limited
02.2025 - Current
- Perform Threat hunting using different hunting methods and perform Gap assessment on detection misses
- Custom use case creation and SOP and Playbook creation for the Use case creation
- Critical incident management. Working on critical incident and incident escalated from L2 on priority. Lead the incident handling and response and perform incident commanding for overall incident lifecycle.
- Malware analysis on samples and perform threat modeling from the strings obtained.
- DLP policy creation and incident response/Handling critical data exfiltration and insider threat
- SIP programs and quarterly automation target works.
- Suggesting customers for upgrading the environment periodically thus mitigating the current risks and keep the environment more secure to vulnerabilities bringing the systems to compliance standards by performing security risk audit, scanning & policy fine tuning
- AWS incident management
- L3 triaging on cloud related incidents and work with devops on tuning and containment on true positives
- Work on NACL and security group policy management based on requirement.
- Work on cloud security practices and cloud based security controls
SOC Lead
Capgemini India
02.2022 - 02.2025
- Working on Service improvement plans for multiple solutions available in the customer environment.
- Perform SIP meeting biweekly with customer for SIP progress and work with SME s for the product improvement plans and the challenges.
- Development of process and procedures for SOC operations to prevent cyber threats.
- Working with UC team for new SOPs.
- Custom use case creation and finetuning.
- Development and delivery of customer presentations and training of new SOC analysts
- Critical incident management and working on critical incidents on priority
- Delivering weekly & monthly report presentation with customers
- Suggesting customers for upgrading the environment periodically thus mitigating the current risks and keep the environment more secure to vulnerabilities bringing the systems to compliance standards by performing security risk audit, scanning & policy fine tuning
- Working on escalations from client and delivering work on 100% hygiene
- Threat hunting roles and responsibilities
- Work with Threat hunting team and perform Hypothesis and intel-based hunting relevant to customer ecosystem, existing risks and persistent threats
- Perform TH meeting with customer on the detections and mitigated threats and work with UC team for creation of new UC s to cover those threats to occur part of Incident response
Senior Security Analyst
NTT Security limited
03.2021 - 02.2022
- Working on security Incidents through Legacy SIEM Product ,Analyzing and deep diving the alerts using Splunk logs.
- Development of process and procedures for SOC operations to prevent cyber threats.
- Development and delivery of customer presentations and training of new SOC analysts
- Analysis of phishing emails in Proof Point email gateway and threats using EDR.
- SPOC for the team to contact for any escalations/incident response
- Continuously to work with customers and server owners to mitigate threats fine tuning the use cases.
- Delivering weekly & monthly report presentation with customers
- Suggesting customers for upgrading the environment periodically thus mitigating the current risks and keep the environment more secure to vulnerabilities bringing the systems to compliance standards by performing security risk audit, scanning & policy fine tuning
Cyber security Engineer 2
Ansr global innovation center LLP
05.2019 - 03.2021
- Cyber Security Use case development and MITRE framework-based mapping.
- Q-radar device management, Log integration, Parsing, Create and develop co-relation rules.
- Finetuning and improvising the Use case rules and coordinating with the Analyst Team for whitelisting legitimate traffic.
- Working with the Analyst team for true positive incidents and performing trend analysis for understanding.
- Delivering weekly & monthly report presentation with customers
- Threat hunting using Crowd strike EDR and Q Radar SIEM
- Communicating with various IT and business unit leads to ensure proper handling of security information & reporting.
- Addressing escalation for P1 incidents in customer environment and taking reactive actions.
Technical Services Specialist
IBM India Pvt Ltd
04.2017 - 05.2019
- L3 level analyst delivering Security services to global company with 60K+ employees
- Development of process and procedures for SOC operations to prevent cyber threats.
- Development and delivery of customer presentations and training of new SOC analysts
- Analysis of phishing emails in Proof Point email gateway and checking for the rules inuser’s inbox and disconnect their session through security tools
- Monitoring security Incidents through Q Radar.
- SPOC for the team to contact for any escalations/incident response
- Continuously to work with customers and server owners to mitigate threats fine tuning the use cases in Q Radar as per the client requirement
- Delivering weekly & monthly report presentation with customers
- Suggesting customers for upgrading the environment periodically thus mitigating the current risks and keep the environment more secure to vulnerabilities bringing the systems to compliance standards by performing security risk audit, scanning & policy fine tuning
- Delivering cost effective service improvement plans, thus by increasing productivity; fine-tuning the parameters for monitoring system health/ applications / access logs & audit logs
- Analyzing alerts using Q Radar Threat Intelligence management
- Analyzing the traffic patterns in Palo Alto Firewall.
Information security engineer
Sify Technologies limited
02.2015 - 03.2017
- RSA SA SIEM, troubleshooting and integration with event sources.
- Monitoring and analyzing events logs, alerts and generating periodic Reports for trend and forensic analysis
- Monitoring internal user activities based on the event logs from Network security devices and servers.
- Managing vulnerabilities and standard configuration drifts on Network devices and servers.
- Performing Anti-phishing and anti-Trojan analyzation through RSA fraud action supp
Network Security Engineer
Sify Technologies limited
04.2013 - 02.2015
- Configuring generic policies in the DLP manger and inspecting customer outbound Email traffic passing through the DLP email protector. Configuring generic policies in the DLP manger and inspecting customer outbound Email traffic passing through the DLP email protector.
- Working on Content classifiers for the Web proxy and blocking URLs though open proxy.
- Installation configuration and troubleshooting of FortiGate, Juniper firewall and configure policies based on the requirement and manage
Education
B.Tech. - E.C.E
Bharath University
Chennai01.2011
Skills
Q Radar, Microsoft Sentinel and RSA SA
Cisco Email gateway, web sense proxy, Proof Point
MDE/MDO and MDI
Carbon black and Tehri’s EDR
CASB
Websense DLP - Email and Web
FortiGate &Juniper
Fortinet WA
SOC
SIEM
Threat Monitoring, Threat Hunting
Content filtering, IDS/IPS
Email and Web proxy
Timeline
L3 Lead
McAfee India private limited
02.2025 - Current
SOC Lead
Capgemini India
02.2022 - 02.2025
Senior Security Analyst
NTT Security limited
03.2021 - 02.2022
Cyber security Engineer 2
Ansr global innovation center LLP
05.2019 - 03.2021
Technical Services Specialist
IBM India Pvt Ltd
04.2017 - 05.2019
Information security engineer
Sify Technologies limited
02.2015 - 03.2017
Network Security Engineer
Sify Technologies limited
04.2013 - 02.2015
B.Tech. - E.C.E
Bharath University