SACHIN PATIL

Threat Hunter

• Conducted proactive threat hunting activities to identify advanced persistent threats (APTs) and suspicious behaviors within the network.
• Developed and tested threat hunting hypotheses, leveraging SIEM and EDR tools to investigate anomalies.
• Delivered weekly threat hunting reports, highlighting key findings and recommending improvements to security protocols.
• Delivered weekly threat hunting reports and presented findings to the CISO.
• Collaborated with the incident response (IR) team to investigate and mitigate identified threats.
• Conducted advanced threat hunts across 5,000+ endpoints using SIEM and EDR tools, leading to identification of user data exfiltration (Insider Threat)
• Developed and implemented 35+ detection rules based on threat intelligence and ATT&CK techniques.
• Participated in Purple Team exercises to validate detection logic and develop new use cases based on identified gaps.
• Document hunting methodologies, findings, and recommendations in clear, actionable reports.

SOC

• Handled L1 escalations, ensuring timely incident resolution in line with SLAs by improving triage processes and inter-team communication
• Developed and maintained Standard Operating Procedures (SOPs) to streamline SOC workflows and improve process clarity for Level 1 analysts.
• Refined SIEM/EDR use cases and alerts to minimize false positives.
• Recertified existing use cases to ensure effectiveness and alignment with security requirements.
• Worked with the IR team to contain and resolve security incidents.

• Continuously monitor SIEM dashboards for security alerts and anomalies.
• Ensured timely response to incidents per SLAs and escalated as needed based on severity.
• Escalate verified incidents to Level 2/3 teams based on predefined escalation matrix.
• Provided recommendations to improve alert tuning and detection use cases.
• Apply frameworks like MITRE ATT&CK and Cyber Kill Chain to understand and contextualize threats.
• Conducted IOC sweeps across endpoints and network logs using SIEM and EDR tools to detect and contain potential threats.

• Installed, configured, and managed firewalls across multiple network environments.
• Resolved complex firewall and network connectivity issues.
• Developed and enforced security policies based on industry best practices.
• Handled firewall upgrades, rule changes, and day-to-day operations.
• Maintained documentation and used ticketing systems for issue tracking.
• Provided technical support and collaborated with cross-functional teams.