About
Security Engineer managing enterprise security operations across 30+ global manufacturing plants from a single remote base in India, covering EDR triage, identity threat detection, and vulnerability remediation across 2,200+ assets on 4 continents. Specialized in CrowdStrike Falcon EDR, Rapid7 InsightVM, Microsoft Entra ID, and phishing incident response. Brings hands-on experience with Microsoft Sentinel, Wazuh SIEM, KnowBe4, and Cisco security tools with working knowledge of ISO 27001, NIST CSF, GDPR, TISAX, and SOC 2.
Skills & Expertise (39)
Work Experience
Security Engineer
CentroMotion
Apr 2025 - Present
Own security operations across 30+ global manufacturing plants in the USA, Europe, Asia, and South America, managing cross-regional incidents, EDR alerts, and vulnerability remediation remotely from India in line with ISO 27001, SOC 2 Type II, TISAX, and GDPR requirements.
Contained endpoint threats by triaging 15-20 medium and high severity CrowdStrike Falcon EDR alerts monthly, performing IOC enrichment and behavioral analysis, then executing device isolation, credential resets, and remediation with documented closure.
Reduced phishing risk across the organization by analyzing 6,000+ emails annually using KnowBe4, executing full containment on confirmed threats and running simulation campaigns that achieved 100% security awareness training completion org-wide.
Cut critical CVE exposure across 2,200+ assets (400+ servers) by applying CVSS, EPSS, and CISA KEV prioritization through Rapid7 InsightVM, coordinating remediation with IT across 30+ global locations.
Detected and escalated identity-based threats including privilege escalation attempts and risky access patterns by monitoring Microsoft Entra ID, Azure PIM, and DLP violations across cloud and on-premises environments.
Investigated login anomalies and suspicious access events using Microsoft Defender and ADAudit, performing root cause analysis across identity and endpoint systems, executing access revocation on confirmed incidents, and documenting findings per audit and compliance requirements.
Uncovered threats bypassing automated detection by performing proactive threat hunting using CrowdStrike telemetry and IOC-driven hypotheses mapped to MITRE ATT&CK TTPs.
Improved real-time threat visibility by monitoring security events across Microsoft Sentinel, Sumo Logic, and Cisco Umbrella, supporting detection and response across endpoint, network, and identity platforms.
Supported cloud security monitoring using AWS security services including IAM, CloudTrail, CloudWatch, and GuardDuty to strengthen visibility and compliance across cloud environments.
Partnered with 24x7 MDR provider Expel on alert co-investigations and threat validation, ensuring structured and timely resolution across endpoint, email, and identity threats.
Reduced manual investigation effort using PowerShell for log querying, user activity analysis, and structured incident documentation across global operations.
Blocked access to C2 infrastructure and active phishing domains using Cisco Umbrella DNS security across all global plant locations.
Maintained audit readiness by resolving security tickets within SLA timelines in ServiceNow ITSM and documenting remediation evidence for SOC 2 Type II and ISO 27001 requirements.
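The CVSS, EPSS, and CISA KEV prioritization named in this role is a decision rule, and the rule is worth seeing spelled out. The block below is an added example and is not code from this profile's author or from Rapid7 InsightVM: it applies a tiering policy to a constructed set of findings. The tier thresholds (EPSS 0.10, CVSS 9.0/7.0), the asset names and the CVE identifiers (CVE-2099-xxxx) are placeholders invented for the example, not real vulnerabilities; in practice the findings would come from an InsightVM export, EPSS scores from the FIRST EPSS feed and the KEV set from the CISA KEV JSON catalog.

```python
"""Risk-based vulnerability tiering with CVSS, EPSS and CISA KEV.

Added example; not the profile author's code and not an InsightVM API.
All findings, EPSS scores, KEV entries and thresholds are constructed
placeholders for the example.
"""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Thresholds are assumptions for the example, not values from the page.
EPSS_HIGH = 0.10      # >= 10% predicted 30-day exploitation probability
CVSS_CRITICAL = 9.0
CVSS_HIGH = 7.0


@dataclass(frozen=True)
class Finding:
    asset: str
    cve: str
    cvss: float            # CVSS v3 base score, 0.0 to 10.0
    internet_facing: bool  # True if the asset is reachable from the internet


def classify(f: Finding, epss: Dict[str, float], kev: Set[str]) -> Tuple[str, str]:
    """Return (tier, reason); a lower tier number is fixed first.

    KEV wins over everything else: a CVE with a 'high' (not critical) CVSS
    that is actively exploited outranks an unexploited 9.8.
    """
    p = epss.get(f.cve, 0.0)
    if f.cve in kev:
        return "P1", "listed in CISA KEV (known exploited)"
    if p >= EPSS_HIGH:
        return "P2", f"EPSS {p:.2f} >= {EPSS_HIGH}"
    if f.cvss >= CVSS_CRITICAL and f.internet_facing:
        return "P2", f"CVSS {f.cvss} on an internet-facing asset"
    if f.cvss >= CVSS_HIGH:
        return "P3", f"CVSS {f.cvss} >= {CVSS_HIGH}"
    return "P4", "low severity and low exploitation probability"


def prioritize(findings: List[Finding], epss: Dict[str, float],
               kev: Set[str]) -> List[Tuple[Finding, str, str]]:
    """Tier every finding and order the worklist: tier, then EPSS, then CVSS."""
    rows = [(f, *classify(f, epss, kev)) for f in findings]
    rows.sort(key=lambda r: (r[1], -epss.get(r[0].cve, 0.0), -r[0].cvss))
    return rows


def remediation_plan(findings: List[Finding], epss: Dict[str, float],
                     kev: Set[str]) -> Dict[str, List[str]]:
    """Group CVEs per tier (deduplicated, worklist order kept) for the IT hand-off."""
    plan: Dict[str, List[str]] = {}
    for f, tier, _ in prioritize(findings, epss, kev):
        bucket = plan.setdefault(tier, [])
        if f.cve not in bucket:
            bucket.append(f.cve)
    return plan


# Constructed sample data (placeholder hosts and CVE identifiers).
FINDINGS = [
    Finding("plant-us-web01", "CVE-2099-0001", 7.5, True),    # in KEV -> P1 despite "only" 7.5
    Finding("plant-de-file02", "CVE-2099-0002", 9.8, False),  # critical but internal, low EPSS -> P3
    Finding("plant-br-app03", "CVE-2099-0003", 8.1, False),   # high EPSS -> P2
    Finding("plant-in-ws04", "CVE-2099-0004", 9.1, True),     # critical and internet-facing -> P2
    Finding("plant-cn-print05", "CVE-2099-0005", 5.3, False), # nothing special -> P4
]
EPSS = {"CVE-2099-0001": 0.42, "CVE-2099-0002": 0.02,
        "CVE-2099-0003": 0.31, "CVE-2099-0004": 0.05}
KEV = {"CVE-2099-0001"}

if __name__ == "__main__":
    for f, tier, reason in prioritize(FINDINGS, EPSS, KEV):
        print(f"{tier}  {f.asset:<18} {f.cve}  {reason}")
    print(remediation_plan(FINDINGS, EPSS, KEV))
```

The ordering shows the point of blending the three signals: the KEV entry with CVSS 7.5 lands at the top, while the internal CVSS 9.8 with a 2% EPSS drops to P3, which is the difference between patching 2,200 assets by score and patching by likely exploitation.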
Network Security Engineer
Shopsky
May 2023 - Apr 2025
Joined as the sole security resource at a government-linked organization and established security operations from the ground up, building endpoint protection, SIEM deployment, vulnerability management, firewall policy, and email security.
Deployed Wazuh SIEM and configured log collection across Windows and Linux systems, enabling centralized security event monitoring and incident detection for the first time. Also supported Splunk installation and basic log ingestion setup.
Strengthened network perimeter by implementing and managing security policies across FortiGate and Sophos firewalls, configuring content filtering, NAT rules, and least-privilege access controls.
Reduced server attack surface by hardening Windows Server and Red Hat Linux environments using CIS Benchmarks and Microsoft Security Baselines.
Identified and closed critical security gaps by performing vulnerability assessments using Qualys and Nessus, prioritizing findings by CVSS severity and coordinating remediation with system owners.
Protected email infrastructure by administering Cisco ESA with email filtering, anti-spam, DLP enforcement, and email authentication controls including DMARC, SPF, and DKIM.
Responded to endpoint threats by monitoring Trend Micro and Seqrite alerts, investigating detections, and executing containment and remediation actions.
Supported security validation by performing penetration testing on internal servers, documenting findings, and implementing mitigations to improve overall security posture.
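The DMARC, SPF and DKIM controls listed for this role interact in one specific way: DMARC does not pass just because SPF or DKIM passed, it passes only when a passing identifier is aligned with the RFC5322.From domain, and the published policy decides what happens otherwise. The block below is an added example, not code from this profile's author or from Cisco ESA; it implements that evaluation as described in RFC 7489. Two simplifications are assumptions: the organizational domain is taken as the last two labels (a real evaluator uses the Public Suffix List) and the `pct` tag is ignored. The SPF/DKIM results and domains are constructed inputs standing in for what an upstream authenticator reports in Authentication-Results.

```python
"""DMARC alignment and disposition (RFC 7489 logic).

Added example; not the profile author's code and not Cisco ESA behaviour.
Assumptions: organizational domain = last two labels (no Public Suffix
List), and the 'pct' sampling tag is ignored.
"""
from typing import Dict, Optional


def org_domain(domain: str) -> str:
    """Approximate organizational domain (assumption: last two labels)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def parse_dmarc(record: str) -> Dict[str, str]:
    """Parse 'v=DMARC1; p=reject; adkim=s' into a tag dict with lower-cased keys."""
    tags: Dict[str, str] = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def aligned(auth_domain: Optional[str], from_domain: str, mode: str) -> bool:
    """Identifier alignment: strict ('s') needs an exact match, relaxed ('r')
    only needs the same organizational domain."""
    if not auth_domain:
        return False
    if mode.lower() == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def evaluate(from_domain: str,
             spf_result: str, spf_domain: Optional[str],
             dkim_result: str, dkim_domain: Optional[str],
             dmarc_record: Optional[str]) -> Dict[str, str]:
    """Return the DMARC result and the disposition the receiver should apply.

    spf_domain is the envelope-from (MAIL FROM) domain SPF was checked against;
    dkim_domain is the d= of a signature that verified. DMARC passes if either
    passed AND is aligned with from_domain; otherwise p= (or sp= for a
    subdomain From) applies.
    """
    if not dmarc_record:
        return {"dmarc": "none", "disposition": "none",
                "reason": "no DMARC record published"}
    tags = parse_dmarc(dmarc_record)
    if tags.get("v", "").upper() != "DMARC1":
        return {"dmarc": "none", "disposition": "none",
                "reason": "record is not a DMARC1 record"}

    spf_ok = spf_result == "pass" and aligned(spf_domain, from_domain, tags.get("aspf", "r"))
    dkim_ok = dkim_result == "pass" and aligned(dkim_domain, from_domain, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        via = "spf" if spf_ok else "dkim"
        return {"dmarc": "pass", "disposition": "none", "reason": f"aligned {via} pass"}

    # A From: subdomain uses sp= when the record publishes it, else p=.
    is_subdomain = from_domain.lower() != org_domain(from_domain)
    policy = tags.get("sp", tags.get("p", "none")) if is_subdomain else tags.get("p", "none")
    if policy not in ("none", "quarantine", "reject"):
        policy = "none"
    return {"dmarc": "fail", "disposition": policy, "reason": "no aligned SPF or DKIM pass"}


if __name__ == "__main__":
    # Constructed cases: a spoof with "valid" but unaligned auth, a legitimate
    # forward (SPF breaks, DKIM survives), strict DKIM with relaxed SPF, and a
    # subdomain From covered by sp=.
    cases = [
        ("example.com", "pass", "attacker.example", "pass", "attacker.example", "v=DMARC1; p=reject"),
        ("example.com", "fail", "forwarder.example", "pass", "example.com", "v=DMARC1; p=reject"),
        ("example.com", "pass", "mail.example.com", "pass", "mail.example.com",
         "v=DMARC1; p=reject; adkim=s; aspf=r"),
        ("news.example.com", "fail", None, "fail", None, "v=DMARC1; p=reject; sp=quarantine"),
    ]
    for case in cases:
        print(case[0], "->", evaluate(*case))
```

The first case is the one that matters operationally: a message whose SPF and DKIM both "pass" still fails DMARC because neither identifier is the From domain, which is exactly the lookalike-sender pattern an ESA policy should be rejecting rather than merely scoring.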
Education
Bachelor of Science, Computer Science - Kannur University
2018 - 2021 · Afghanistan
Master of Science, Cyber Forensics and Information Security - University of Madras
- 2026 · Afghanistan
Certifications
CrowdStrike Falcon Platform Training (FALCON 101)
CrowdStrike · 2026
Rapid7 Vulnerability Management
Rapid7 · 2026
Security Operation and Defense Analyst Training
Splunk · 2026
Fortinet Certified Associate in Cybersecurity
Fortinet · 2025
Certified Blue Team Practitioner (CBTP)
SecOps Group · 2025
Certified Social Engineering Defense Practitioner (CSEDP)
SecOps Group · 2025