Sanjeet Sharma

Developed and executed assumed breach scenarios to simulate attacker behavior post-initial access, identifying detection gaps and blind spots across the environment.

Conducted threat hunting campaigns based on breach simulation telemetry, focusing on lateral movement, privilege escalation, and defense evasion patterns.

Collaborated with detection engineering and SOC teams to translate attacker TTPs into actionable detection logic using SIGMA, KQL and YARA rules.

Enhanced threat visibility by enriching and normalizing telemetry data to support high-fidelity detection and hunt operations.

Utilized tools such as Atomic Red Team, MITRE Caldera, and custom scripts to emulate attacker tradecraft and validate telemetry coverage in threat hunts.

Improved detection control effectiveness through a feedback-driven loop: simulation → telemetry validation → detection refinement → proactive hunt execution.

Raised the threat hunting bar by operationalizing threat intelligence and breach simulations into structured, repeatable hunt procedures aligned with MITRE ATT&CK.

Led periodic gap assessments and detection audits, raising the bar for control effectiveness through iterative use case tuning and telemetry refinement.

• Reviewing the infrastructure security posture and defining the roadmap for improving the maturity level.
• Threat hunting to explore the unknown Indicator Of compromise and adding Intelligence to detection capabilities.
• Screening the security maturity of acquired entities and aligning with defined and accepted baseline controls.
• Defining the trend report depicting security prevention & detection controls ROI metrics to business leaders.
• Driving the team and their individual contributions towards organizational congruent goals.
• Exploring & implementing the ‘Assumed Breach’ Use Cases to improve the threat detection coverage and intelligence.

• Reviewing the Security incidents investigations and mentoring the team for the right and structured approach to connect the dots.
• Collaborating with US Head Counterparts for the technical assessments along with keying inputs for improvements and fixing blind spots.
• Streamlining the Incident Response capabilities by incorporating the Response & Resolution SLAs with mutual agreements of stakeholders.
• Reviewing the existing architecture and the policies with cross domain teams and uplifting the maturity of auxiliary technologies.
• Driving the Security awareness initiative across internal staffs by running the workshop of real-time attacks simulation and associated impacts.
• Transition of the traditional SOC to state-of-art Intelligent SOC and enhancing the visibility of threat vectors with near proactive response.
• Incorporated the best practices of Security controls with mindset of doing thing rights.
• Building the cyber security framework tailored with business requirements
• Automating minor but repetitive tasks through native scripts and reducing the overhead of manhrs.
• Active member of IConS initiative promoting innovations and thoughts driving towards operational efficiency and cost optimization.
• Conducting training sessions for the subordinates and peer members to uplift their security concepts and knowledge.

• Administrating & optimizing the SIEM solution across different clients to leverage the ROI from product.
• Supporting the Senior head in preparing and responding the RFP with technical requirements and solutions.
• Successfully executing the initiative of Green Project for one of the critical Customer.
• Handling the customer across geo-location with end-to-end solutions for their business problems linked with technology challenges.

• Manage system information security architecture, design, installation, operational planning, and risk remediation activities for clients, ensuring all systems installed according to schedule. Leading the projects to expand the scope of logging collection of the infrastructure setup in the RSA SIEM.
• Configuring an interoperability for the logs in RSA SIEM to forward it into the skybox solution for the compliance and user traversal records.
• Integrating the Verisign iDefense Threat Intelligence feeds with RSA SIEM via REST API calls to populate the IOC’s data in SIEM.
• Conduct network vulnerability assessments using tools to evaluate attack vectors, identify system vulnerabilities and develop remediation plans and security procedures.
• Reviewed the security architecture of the organization to find gaps that impact the enterprise. Provided comprehensive solutions to enhance the security architecture.

• Running the POC of RSA SIEM solution to handle incident and compliance requirement. Providing the evaluation reports based on cost-benefit analysis for approval of tool selection and deploying the same end-to-end across the environment.
• Developing the complete content management in RSA SIEM and optimizing the same on regular basis.
• Simulating the threats as part of white box testing to measure the efficiency of SIEM tool.
• Deep dive investigations for the major incidents with complete Impact and Root Cause Analysis.
• Operationalizing the SIEM build as a central contact for the CERT services across the organization.

• Install, configure and maintain network services, equipment and devices. Testing of new switches and routers for performance.
• Maintaining and monitoring the local area networks and routers for performance.
• Configuration of Cisco 2800 Series switch for dividing companies’ network into separate broadcast domain for management and security purpose, VLAN, STP, RSTP, NAT. Configuration of routers ip address, routes, terminal connections for remote connections. Provide port security on all cisco switches.
• Installation of switch rack jack panel, testing end2end Connectivity.
• Configuring the ASA firewall and managing ACL rules. Manage user accounts, permissions, email, anti-virus and anti-spam.
• Configure routers as DHCP to provide ip address, routes, terminal connections for remote connections.
• Provide port base security on all Cisco switches.
• Manage user accounts, permissions, email, anti-virus and anti-spam.
• Deploying Active Directory Service, DNS services in Windows 2003 and 2008 servers.
• Maintaining Active Directory database (backup, restore) and Replication. Configuring GPO (at user and computer configuration, deploying software, Publishing Resources, Configured Schedule Backups and Disaster Recovery).
• Maintain and troubleshoot proxy server as required. Configuration of WSUS (2008) upstream and downstream servers.
• Configuration of Additional domain controller and RAS server
• Sharing the knowledge with team for any new issues & resolution.