Shubhanshu Saini
@shubhanshusaini1
Expert in SIEM and SOC (L1/L2); 7+ years of experience in cybersecurity. I build and automate Azure Sentinel/Defender to stop threats. Scalable security, delivered.
What I'm looking for
I am seeking a Security Engineer or SOC Analyst role where I can architect and optimize Azure SIEM/SOC monitoring. I am passionate about bridging the gap between engineering and active defense, specializing in secure log onboarding, high-fidelity detection content development, and refining L1/L2 investigation workflows.
With a background in SOC operations, I bring a "defender's mindset" to security engineering. I am proficient in the full incident response lifecycle, from performing L1/L2 analysis and threat triage to developing automated SOAR playbooks that streamline response and reduce alert fatigue. With 7+ years of hands-on experience supporting over 140 global clients at KPMG, I specialize in Azure Sentinel, RSA NetWitness, and Microsoft Defender. I combine deep technical expertise in detection engineering with strong project management skills to deliver scalable, reliable, and well-documented security solutions.
What I Deliver
SIEM, SOC & Content Development: End-to-end Azure Sentinel and RSA NetWitness engineering. I build high-fidelity KQL detections, parsers, and SOC L1/L2 operational workflows to reduce false positives.
SOAR & Automation: Designing automated playbooks to streamline triage, isolate hosts, and accelerate incident response.
Microsoft 365 Defender Suite: Expert onboarding and tuning for Defender (Endpoint, Identity, Office 365, and Cloud).
Cloud & Identity Security: Hardening Azure/Entra ID with Conditional Access and Entra ID Protection.
Security Engineering: Windows/Linux hardening, ASR rules, and large-scale SIEM migrations (e.g., RSA to Sentinel).
Proven Scale: 7+ years experience; supported 140+ global clients at KPMG.
Practitioner Perspective: I don't just build tools; I optimize them for SOC Analysts to ensure rapid response.
Certified in: SC-100 (Cybersecurity Architect) & AZ-500 (Azure Security Engineer).
I bridge the gap between complex engineering and daily SOC operations. Let’s maximize your security ROI.
Experience
Work history, roles, and key accomplishments
Optimized SOC workflows by developing L1/L2 escalation SOPs and streamlining incident response. Managed large-scale SIEM assessments and international audit compliance. Led infrastructure migrations (CentOS to RHEL) using SaltStack for 99.9% uptime. Architected Azure Sentinel monitoring by deploying agents and building custom parsers to normalize critical service data.
Investigated threats across NIDS, firewalls, and databases, managing 50+ alerts daily. Acted as Tier 3 lead for RSA NetWitness and managed Microsoft Defender global policies. Optimized SIEM health through KQL detection content, log-quality checks, and SOP development, bridging L1/L2 operations with engineering to deliver high-visibility, reliable security.
Performed 24/7 monitoring and initial assessment of security alerts within Microsoft Sentinel and RSA NetWitness to distinguish between false positives and true security threats.
Meticulously documented investigation steps, findings, and remediation actions within ServiceNow and other ITSM tools to ensure audit readiness and continuous improvement.
Cybersecurity Trainee
PurpleSynapz
Dec 2018 - Feb 2019 (2 months)
Completed intensive training in cybersecurity fundamentals and threat landscapes to build a foundation in security monitoring and incident awareness.
Education
Degrees, certifications, and relevant coursework
DIT University
Bachelor of Technology, Information Technology
2012 - 2016
Completed a Bachelor of Technology (B.Tech) in Information Technology at DIT University (Dehradun Institute of Technology).