About
Cybersecurity professional specializing in Security Operations Center (SOC), incident response, alert triage, and threat hunting across enterprise environments. Experienced in SIEM, EDR, and XDR platforms including Splunk, Microsoft Defender XDR, and CrowdStrike Falcon to detect and respond to advanced threats. Skilled in malware analysis, phishing, ransomware detection, vulnerability assessment, and MITRE ATT&CK-based detection engineering to improve alert fidelity and reduce false positives.
Skills & Expertise (41)
Work Experience
Senior Security Analyst
Deloitte USI
Jan 2022 - Present
Led end-to-end incident response and SOC operations across endpoint, identity, email, and cloud environments using Microsoft Defender XDR and SIEM platforms. Conducted threat hunting using KQL (Advanced Hunting) and MITRE ATT&CK techniques to identify stealthy threats. Designed and implemented detection engineering use cases, improving detection of phishing, identity attacks, lateral movement, and credential abuse. Analysed large-scale telemetry (Defender, Azure AD, network logs) to generate actionable threat intelligence and enhance incident response. Reduced false positives by 30% through SIEM tuning and improved alert correlation. Monitored identity-based threats including suspicious sign-ins, MFA fatigue attacks, and conditional access anomalies in Microsoft Entra ID. Investigated advanced threats including Emotet, Pikabot, ransomware, and credential harvesting campaigns. Correlated alerts across Defender XDR, Splunk, and CrowdStrike to improve detection and visibility. Managed full incident management lifecycle including detection, analysis, containment, eradication, and recovery. Executed containment actions including host isolation, file quarantine, and IOC blocking to prevent threat spread. Handled high-volume security alerts in a 24x7 SOC environment, performing triage and prioritization based on severity while ensuring timely response and SLA compliance. Reduced mean-time-to-response (MTTR) by optimizing SOC workflows and automation processes. Leveraged AI/ML-driven security analytics to detect anomalous behavior and enhance threat detection capabilities.
Info Security Analyst
BDO
Aug 2021 - Jan 2022
Performed real-time security monitoring, alert triage, and incident response in a 24x7 SOC environment using Splunk and Microsoft Defender. Conducted log analysis and threat analysis to identify attacker behavior and reduce false positives. Investigated phishing, malware, unauthorized access, and lateral movement incidents. Supported SIEM operations, SIEM management, and detection engineering to improve alert quality and SOC efficiency. Contributed to SOC playbooks, incident handling procedures, and response workflows. Collaborated with cross-functional teams to improve incident response and security posture. Participated in purple team exercises to validate detection capabilities and strengthen SOC operations. Utilized threat intelligence platforms (VirusTotal, AlienVault OTX) for IOC enrichment and threat correlation. Investigated identity-based threats including suspicious logins and account compromise using Azure AD.
Education
Bachelor's in Electronics and Communication Engineering - SJB Institute of Technology
2017 - 2021 · Afghanistan
Certifications
No certifications added yet