AI-SOC Operations | Detection Engineering | Security Automation

Operating across triage, tuning, SecEng troubleshooting, and AI-led workflow automation.

I work in a product-based SOC environment where the role is intentionally broad: I investigate alerts, fine-tune rule logic, solve security engineering issues, support customer-facing platform outcomes, and build AI workflows that remove repetitive work from analysts. The result is a blend of operational depth, engineering ownership, and automation initiative.

  • Alert Triage and Investigation
  • Rule Tuning and Severity Re-evaluation
  • SecEng Troubleshooting and Integrations
  • AI Workflow and QA Automation

Selected Work

Projects and workstreams that show both operator depth and builder mindset.

01 Live Pipeline

Cyber Intel Pipeline

Built a decoupled Scraping - Normalization - Analysis pipeline where Selenium simulates human browsing, heuristic parsing converts noisy HTML into structured JSONL, and downstream AI only consumes high-signal threat data.

  • Uses source grounding and strict JSON schemas so every reported risk remains verifiable and actionable.
  • Balances local privacy with scale through Ollama and Gemini-based summarization paths.
Selenium | BeautifulSoup | Ollama | Gemini
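As an added illustration of the normalization stage (example code written for this page, not the pipeline's own source): a stdlib-only pass that drops navigation, script and footer subtrees, keeps only text blocks with enough words to carry signal, and emits records that must match a strict schema and carry the source URL, fetch time and a hash of the quoted excerpt, so anything a downstream model asserts can be traced back to the page. The sample HTML, the URL and the schema fields are constructed assumptions; the real pipeline fetches with Selenium and parses with BeautifulSoup.

```python
"""Normalization stage: noisy HTML -> schema-checked, source-grounded JSONL.

Added example for the pipeline described above; stdlib only so it runs
offline. The HTML below is constructed sample input, not a real advisory.
"""
import hashlib
import json
from datetime import datetime, timezone
from html.parser import HTMLParser

# Subtrees that never contain threat content: skipped entirely, not just trimmed.
NOISE_TAGS = {"script", "style", "nav", "footer", "header", "aside", "noscript"}
# Elements treated as one text block each.
BLOCK_TAGS = {"p", "li", "h1", "h2", "h3", "pre", "td"}

# Strict record schema: field -> (type, required). Extra or missing keys reject.
SCHEMA = {
    "source_url": (str, True),
    "fetched_at": (str, True),
    "title": (str, True),
    "text": (str, True),
    "excerpt_sha256": (str, True),
}
MIN_WORDS = 8  # heuristic: shorter blocks are menus, buttons, cookie prompts


class BlockExtractor(HTMLParser):
    """Collects text per block element, ignoring anything under a noise tag."""

    def __init__(self):
        super().__init__()
        self.noise_depth = 0
        self.block_depth = 0
        self.title = ""
        self.blocks = []
        self._buf = []
        self._in_title = False

    def handle_starttag(self, tag, attrs):
        if tag in NOISE_TAGS:
            self.noise_depth += 1
        elif tag == "title":
            self._in_title = True
        elif tag in BLOCK_TAGS:
            self.block_depth += 1

    def handle_endtag(self, tag):
        if tag in NOISE_TAGS:
            self.noise_depth = max(0, self.noise_depth - 1)
        elif tag == "title":
            self._in_title = False
        elif tag in BLOCK_TAGS:
            self.block_depth = max(0, self.block_depth - 1)
            if self.block_depth == 0:
                text = " ".join(" ".join(self._buf).split())  # collapse whitespace
                if text:
                    self.blocks.append(text)
                self._buf = []

    def handle_data(self, data):
        if self._in_title:
            self.title += data
        elif self.block_depth and not self.noise_depth:
            self._buf.append(data)


def validate(record):
    """True only if the record has exactly SCHEMA's keys with non-empty values."""
    if set(record) != set(SCHEMA):
        return False
    return all(isinstance(record[k], t) and (record[k] or not req)
               for k, (t, req) in SCHEMA.items())


def normalize(html, source_url, fetched_at):
    """HTML -> list of grounded, validated records, one per high-signal block."""
    parser = BlockExtractor()
    parser.feed(html)
    title = " ".join(parser.title.split())
    records = []
    for text in parser.blocks:
        if len(text.split()) < MIN_WORDS:
            continue  # low-signal fragment: never reaches the model
        rec = {
            "source_url": source_url,
            "fetched_at": fetched_at,
            "title": title,
            "text": text,
            # hash of the exact excerpt: an analyst can re-fetch the page and
            # prove the quoted text existed at the source
            "excerpt_sha256": hashlib.sha256(text.encode()).hexdigest(),
        }
        if validate(rec):
            records.append(rec)
    return records


def to_jsonl(records):
    return "\n".join(json.dumps(r, sort_keys=True) for r in records)


# Constructed sample page (hypothetical vendor, not a real advisory): two
# substantive blocks plus boilerplate that must be dropped.
SAMPLE_HTML = """<html><head><title> Example Vendor  Advisory </title>
<script>trackPageview();</script></head><body>
<nav><ul><li>Home</li><li>Advisories</li><li>Contact</li></ul></nav>
<h1>Example Vendor Advisory</h1>
<p>Accept cookies</p>
<p>The vendor reports that affected builds accept unauthenticated requests on
   the management interface and recommends restricting it to trusted networks
   until the fix is applied.</p>
<ul><li>Mitigation: apply the vendor patch and rotate any credentials that
   were stored in the affected configuration files.</li></ul>
<footer><p>Copyright Example Vendor. All rights reserved.</p></footer>
</body></html>"""

if __name__ == "__main__":
    now = datetime.now(timezone.utc).isoformat()
    print(to_jsonl(normalize(SAMPLE_HTML, "https://example.com/advisory", now)))
```

The schema check is deliberately exact-match rather than permissive: a record with an unexpected key is a sign the heuristics drifted, and it is cheaper to drop it at this stage than to let a summarizer quote text nobody can locate later.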
02 Infra as Code

Plug-and-Play Detection Lab

Treats the full detection environment lifecycle as infrastructure-as-code, handling system updates, Docker installation, and Elastic Stack provisioning in a single run.

  • Dockerized across Linux and WSL2 with dedicated networking, single-node Elasticsearch, and auto-connected Kibana.
  • Gets researchers from deployment to log analysis, threat hunting, and dashboard creation within minutes.
Docker | Elasticsearch | Kibana | WSL2
03 Internal Automation

AI Workflow Automation Suite

Built internal automation assistants from real operational pain points: a SecEng troubleshooting bot, a QA/QC bot, and a Tuning Agent for day-to-day analyst support.

  • Streamlined repetitive workflows and accelerated team productivity inside live SOC operations.
  • Led to selection into ReliaQuest's newly formed AI SME group.
Python | Workflow Automation | QA/QC | Tuning Agent
04 Platform Ownership

Google SecOps Log Source Integration

Owned a customer-facing Google SecOps integration end-to-end by ramping quickly across incident response, security, and detection engineering domains.

  • Bridged platform implementation issues with practical recommendations clients could act on immediately.
  • Expanded from SOC operations into hands-on SecEng and integration ownership.
Google SecOps | Log Sources | Detection Engineering | Security Advisory

Experience Timeline

Built through consulting, sharpened in product-SOC operations, expanded through automation.

  1. February 2025 - Present

    ReliaQuest | GreyMatter Specialist (AI SME)

    • Reduced PRQ alert volume by 80% through proactive trend analysis, 26 ARPs pitched with 10 enabled, and 6 rule severity re-evaluation requests while managing around 2,071 tickets as a top contributor.
    • Pioneered AI-driven automation by building a SecEng troubleshooting bot, QA/QC bot, and Tuning Agent, which streamlined workflows and led to selection into the AI SME group.
    • Earned GreyMatter Power User certification by delivering client training workshops and hands-on advisory that improved customer understanding and long-term engagement.
    • Owned a Google SecOps log source integration end-to-end by ramping across IR, security, and detection engineering, producing actionable customer-facing recommendations.
  2. September 2024 - Present

    Hack The Box | Researcher and CTF Player

    • Successfully solved 20+ Hack The Box machines, sharpening practical exploitation, network penetration, and hands-on problem-solving.
    • Published 10+ detailed write-ups that break down methodology, tooling, and lessons learned for the wider community.
    • Earned the Hack The Box Penetration Testing badge, validating commitment to real-world offensive security practice.
  3. July 2023 - December 2023

    Insecsys Pvt. Ltd. | Cybersecurity Consultant

    • Supported pre-sales, client presentations, audits, and security advisory engagements across five companies.
    • Delivered tailored recommendations aligned to client goals and specific cybersecurity concerns.
    • Built strong retention and satisfaction through clear communication, trust, and high-quality advisory support.

Credentials

Formal training in engineering fundamentals, security domains, and ethical hacking practice.

01 Education

Dr. D. Y. Patil Institute of Engineering Management and Research

Bachelor of Engineering in Electronics and Telecommunications with a GPA of 8.2, completed in Pune between August 2019 and June 2023.

  • Academic focus included IoT Security, Enterprise Architecture, Risk Assessment, and Ethical Hacking.
  • Built the technical foundation that now supports both defensive operations and automation work.
IoT Security | Enterprise Architecture | Risk Assessment | Ethical Hacking
02 Certification

CEHv12 | Certified Ethical Hacker

Completed CEHv12 in August 2024 to deepen offensive-security fundamentals and strengthen practical attacker-perspective reasoning.

  • Supports stronger detection logic by understanding common attack paths and exploitation patterns.
  • Complements hands-on Hack The Box work with formalized ethical hacking coverage.
CEHv12 | Penetration Testing | Adversary Mindset | Offensive Security

Command Center

A full-width interactive shell for navigating the portfolio like an operator console.

Use commands to move through sections, inspect profile details, and explore the site in a dedicated shell workspace. Full screen mode is built in.


Intel Feed

Short tactical write-ups focused on actionable detection strategy.


Secure Contact

Share a security challenge and I will respond with a focused action plan.

Signal Window

Capacity is intentionally limited to maintain fast response quality.


  • Best for detection gap reviews
  • Best for SOC automation consultations
  • Best for collaboration opportunities