
Parthiban A

Security Detection Engineer
Hyderabad

Summary

Dynamic and highly skilled Security Detection Engineer with over 10 years of progressive experience in both global and internal Security Operations Centers (SOCs). Demonstrated success in leading SOC operations, managing analyst teams, and driving threat detection strategies across enterprise environments. Adept at building and optimizing detection frameworks, incident response playbooks, and threat hunting methodologies aligned with MITRE ATT&CK.


Expert in SIEM technologies, incident response, log analysis, and cloud security, with deep proficiency in Microsoft Defender for Cloud, Azure DevOps, and Kusto Query Language (KQL).


Demonstrated ability to identify and mitigate complex cybersecurity threats, reduce alert fatigue, and enhance SOC efficiency through automation and correlation logic. Recognized for mentoring junior analysts, leading cross-functional initiatives, and safeguarding critical assets in high-stakes environments.

Overview

11 years of professional experience

Work History

Security Detection Engineer

Microsoft
12.2024 - Current
  • Responsible for creating detections and conducting initial reviews for new detection onboarding requests.
  • Perform threat hunting against sophisticated attacks and uncover new TTPs (Tactics, Techniques, and Procedures).
  • Evaluate product detections and ensure robust detection mechanisms.
  • Collaborate with SOC to perform peer reviews, evaluate provided data, confirm fidelity assessments, and develop investigation playbooks.
  • Develop complex workflows involving attribution, enrichment, security team routing, and case handling.
  • Integrate detection workflows into broader processes to streamline case handling and improve detection capabilities.
  • Ensure threat and coverage-driven prioritization of detection needs in the context of an evolving threat landscape.
  • Expand environment coverage and reduce detection gaps.

Security Engineer II

Microsoft
12.2021 - 11.2024


  • Responding to high-severity alerts generated by security technologies and custom alerts. Additionally, conducting post-incident reviews to enhance our detection effectiveness.
  • Taking an active role in incident response activities. Leveraging insights gleaned from prior incidents involving adversaries to refine our response strategies and create custom detections to mitigate future threats.
  • Actively involved in identifying security risks within our environment and collaborating with multiple teams to address them at different levels.
  • Created a playbook in Sentinel that focuses on detecting compromises related to identity within our environment.
  • Increasing the scope of Microsoft assets covered by the security monitoring service and reducing false positives.
  • Improving our ability to detect existing and emerging attacks and unauthorized activity.
  • Improving telemetry/metrics to provide better transparency into functions and rapidly identify failures, gaps, and opportunities for investment.
  • Involved in semester projects primarily focused on Azure DevOps (ADO) and Microsoft Defender for Cloud monitoring.

Senior Security Analyst

Symantec
02.2019 - 11.2021
  • Led a team of security analysts in a 24/7 global SOC environment, overseeing real-time monitoring, triage, and response to security incidents across multiple regions.
  • Mentored junior analysts on threat hunting techniques, log analysis, and SIEM tuning, resulting in improved detection accuracy and reduced false positives.
  • Led operational readiness by standardizing playbooks and response procedures across global teams, improving consistency and reducing mean time to respond (MTTR).
  • Working closely with designated customers to ensure their requests, issues, and concerns related to our services are addressed.
  • Hands-on experience managing various EDR products such as CrowdStrike, Carbon Black, Endgame, and Defender.
  • Part of the core team that developed UEBA (User and Entity Behavior Analytics) in our environment.
  • Incorporated the MITRE ATT&CK framework into our environment based on the available technologies and log sources.
  • Writing custom rules in the SIEM (correlation engine) based on customer requests to detect new threats. Fine-tuning alerts based on the threat landscape and vendor alert severity.

Security Analyst

Symantec
01.2016 - 02.2019
  • Involved in multiple innovative projects intended to enhance technologies and processes to provide more value to customers.
  • Developed a tool (called Huntsman) to perform sandbox analysis based on hash information available in our customers' security incidents.
  • Created various reports and dashboards for our customers based on their requirements and security posture.
  • Assisted customers in deep dive investigations and provided recommendations based on threats.

Associate Security Analyst

Symantec
06.2014 - 12.2015
  • Member of the global enterprise security team, which takes care of 500+ customer networks around the clock (24x7).
  • Analyzing customer logs from various security devices such as firewalls, IPS/IDS, UTMs, and endpoint antivirus applications.
  • Involved in protecting client infrastructure from known and emerging threats by constantly updating the threat intelligence database.
  • Identifying malicious domains and IPs and updating them in DeepSight Intelligence.
  • Identifying security incidents by analyzing network traffic and log data using a SIEM tool.
  • Understanding the threat landscape and researching zero-day attacks and malware.
  • Correlating events/activities observed from host and providing detailed analysis to customer.

Internship

Symantec
01.2014 - 06.2014
  • Built internal testing environment from the outset.
  • Configured Windows Active Directory and Server 2008 in a lab environment.
  • Implemented AlienVault OSSIM to detect threats.
  • Configured and maintained Snort NIDS, Squid proxy, and the Cuckoo malware analysis tool.

Education

Master of Technology - Information Security And Cyber Forensics

SRM University
Chennai, India
04.2001 -

Bachelor of Engineering - Computer Science Engineering

Anna University - Arunai Engineering College
Tiruvannamalai
04.2001 -

Skills

Threat Hunting

SIEM

Endpoint Detection and Response (EDR)

Malware Analysis

Incident Response

Forensics

KQL

Azure Logic Apps

Microsoft Azure

Cloud based IR

Accomplishments

  • Investigating Windows Endpoint (13Cubed)
  • GIAC Certified Intrusion Analyst (GCIA)
  • GIAC Reverse Engineering Malware (GREM)
