Safal Upadhaya
@safalupadhaya
Cyber Threat Hunter and Detection Engineer building high-fidelity detections across Google SecOps, Microsoft Sentinel, and CrowdStrike.
What I'm looking for
I’m a Cyber Threat Hunter and Detection Engineer with 3+ years of hypothesis-driven hunts and detection engineering across Google SecOps (Chronicle), Microsoft Sentinel, and CrowdStrike Next-Gen SIEM. I map findings to MITRE ATT&CK and operationalize CTI into proactive coverage for credential abuse, lateral movement, privilege escalation, and ransomware precursors.
At Cyderes, I expanded multi-cloud threat visibility by researching emerging malware families, phishing kits, and APT TTPs—then turning those insights into production-ready detection and hunt content. I reduced false positives by 25–40% by developing and tuning 100+ high-fidelity rules, while raising detection accuracy through rule lifecycle management, regression testing, and performance tuning.
I also bring a data-science foundation in ML-based anomaly detection and behavioral analytics to strengthen hunting workflows, plus an offensive edge from being ranked Top 300 globally on Hack The Box. From implementing EDR/SIEM/XDR optimizations to building Detection-as-Code (DaC) pipelines with automated CI/CD, I focus on repeatable, high-signal detections that improve investigations and close detection gaps.
Experience
Work history, roles, and key accomplishments
Detection Engineer
Cyderes
Oct 2024 - Present (1 year 8 months)
Led hypothesis-driven hunts for credential abuse, lateral movement, privilege escalation, and ransomware precursors across multi-cloud environments. Built 100+ MITRE ATT&CK-mapped detection rules in Microsoft Sentinel (KQL) and Google SecOps (YARA-L), reducing false positives by 25–40% and operationalizing CI/CD-based Detection-as-Code pipelines.
Cybersecurity Specialist
Microland
Jul 2022 - Jul 2024 (2 years)
Performed proactive threat hunting and IOC/TTP analysis on endpoint and network telemetry to surface early-stage intrusions and insider-threat patterns. Implemented and optimized EDR/SIEM/XDR controls, increasing detection accuracy by 70%, cutting response time by 30%, and improving phishing detection by 25% using Darktrace and enrichment tooling.
Machine Learning Engineer
HighRadius
May 2021 - Jun 2022 (1 year 1 month)
Built ML models for anomaly detection and classification that were later applied to behavioral threat hunting and security analytics. Developed a patented system to classify enterprise ERP transaction categories and reduced model deployment time by creating reusable data pipelines and preprocessing tooling.
Education
Degrees, certifications, and relevant coursework
Lovely Professional University
Bachelor of Technology (B.Tech), Computer Science & Engineering (Cybersecurity Specialization)
2018 - 2022
Completed a B.Tech in Computer Science & Engineering with a Cybersecurity specialization at Lovely Professional University (2018–2022).
Portfolio
github.com/ParanoiaSamurai