Sparsh Bhatia

I’m a cybersecurity professional focused on security engineering, automation, threat detection, and vulnerability management. In my day-to-day work, I strengthen enterprise security posture by monitoring, analyzing, and responding to security events across SIEM, EDR, and cloud security platforms.

At Ingram Micro, I improved detection and automated response workflows in Microsoft Sentinel and Rapid7 Insight IDR using Insight Connect, helping streamline parts of the incident response process. I also developed KQL queries and Python-based detection logic in MDATP and CrowdStrike, reducing alert noise by 90% and improving the quality of alerts.

I support forensic investigations and ransomware-related assessments using MDATP, CrowdStrike, and Rubrik, contributing to root cause analysis and recovery efforts. I enhance visibility with Axonius to identify unmanaged systems, align security operations with Zero Trust practices, and manage remediation prioritization through Tenable SC/IO by tracking fixes based on risk.

I’ve also built operational maturity through scripting and reporting (Python and Bash for automation and reconciliation) and by creating security dashboards and documentation to improve SOC performance. Beyond operations, I led an enterprise-wide 1Password deployment, implemented a cloud-based incident response investigation toolkit, and handled end-to-end security tool migrations from on-premises to cloud with testing, validation, and rollback planning.