Open to opportunities

Safal Upadhaya

@safalupadhaya

Cyber Threat Hunter and Detection Engineer building high-fidelity detections across Google SecOps, Microsoft Sentinel, and CrowdStrike.

India

What I'm looking for

I’m looking for a role where I can run hypothesis-driven hunts, map detections to MITRE ATT&CK, and ship high-fidelity detection content. I want to combine CTI, EDR/XDR telemetry, and ML-based anomaly insights to reduce false positives and improve incident outcomes.

I’m a Cyber Threat Hunter and Detection Engineer with 3+ years of hypothesis-driven hunts and detection engineering across Google SecOps (Chronicle), Microsoft Sentinel, and CrowdStrike Next-Gen SIEM. I map findings to MITRE ATT&CK and operationalize CTI into proactive coverage for credential abuse, lateral movement, privilege escalation, and ransomware precursors.

At Cyderes, I expanded multi-cloud threat visibility by researching emerging malware families, phishing kits, and APT TTPs—then turning those insights into production-ready detection and hunt content. I reduced false positives by 25–40% by developing and tuning 100+ high-fidelity rules, while raising detection accuracy through rule lifecycle management, regression testing, and performance tuning.

I also bring a data-science foundation in ML-based anomaly detection and behavioral analytics to strengthen hunting workflows, plus an offensive edge from being ranked Top 300 globally on Hack The Box. From implementing EDR/SIEM/XDR optimizations to building Detection-as-Code (DaC) pipelines with automated CI/CD, I focus on repeatable, high-signal detections that improve investigations and close detection gaps.

Experience

Work history, roles, and key accomplishments

Current

Detection Engineer

Cyderes

Oct 2024 - Present (1 year 8 months)

Led hypothesis-driven hunts for credential abuse, lateral movement, privilege escalation, and ransomware precursors across multi-cloud environments. Built 100+ MITRE ATT&CK-mapped detection rules in Microsoft Sentinel (KQL) and Google SecOps (YARA-L), reducing false positives by 25–40% and operationalizing CI/CD-based Detection-as-Code pipelines.


Cybersecurity Specialist

Microland

Jul 2022 - Jul 2024 (2 years)

Performed proactive threat hunting and IOC/TTP analysis on endpoint and network telemetry to surface early-stage intrusions and insider-threat patterns. Implemented and optimized EDR/SIEM/XDR controls, increasing detection accuracy by 70%, cutting response time by 30%, and improving phishing detection by 25% using Darktrace and enrichment tooling.


Machine Learning Engineer

HighRadius

May 2021 - Jun 2022 (1 year 1 month)

Built ML models for anomaly detection and classification that were later applied to behavioral threat hunting and security analytics. Developed a patented system to classify enterprise ERP transaction categories and reduced model deployment time by creating reusable data pipelines and preprocessing tooling.

Education

Degrees, certifications, and relevant coursework


Lovely Professional University

Bachelor of Technology (B.Tech), Computer Science & Engineering (Cybersecurity Specialization)

2018 - 2022

Completed a B.Tech in Computer Science & Engineering with a Cybersecurity specialization at Lovely Professional University (2018–2022).
