sec-ops-terminal v3.0

Jayesh Choudhary

Lead Security Engineer

Security engineer with 5+ years of hands-on experience across detection engineering, insider threat management, cloud incident response, and DLP implementation. Building detection-as-code pipelines, hunting adversaries across cloud and enterprise environments, and translating threat intelligence into measurable security outcomes.

Key metrics: Cloud Detection MTTD ↓40% · Incident Containment MTTC ↓35% · 400+ Endpoints Secured · 16+ Certifications

MODULE EXECUTION_LOGS — Career Timeline

Payatu

Lead Security Engineer
May 2025 – Present | Gurugram, Haryana
Key metrics: Manual Triage ↓70–80% · MTTC ↓35% · Endpoint Compliance 95% · Detection Coverage ↑30%
  • Built end-to-end threat intelligence automation aggregating 50+ cybersecurity RSS sources with auto-categorization, reducing manual triage by 70–80%
  • Automated IOC enrichment (IPs, domains, hashes) via AlienVault OTX and VirusTotal with concurrent lookups and confidence scoring for faster SOC/IR investigations
  • Delivered Microsoft Purview DLP across ~400 endpoints and 15+ data sources — 10+ custom SITs, trainable classifiers, 25+ DLP policies — improving classification accuracy ~40%
  • Deployed and integrated Microsoft Defender, Intune, and Wazuh with 30+ custom security policies, achieving 95% endpoint compliance
  • Built 30+ MITRE ATT&CK-mapped threat-hunting queries in Microsoft Sentinel, improving detection coverage ~30%
  • Led incident response for active breach scenarios, reducing MTTC ~35% and driving 15+ prioritized remediation actions
  • Designed full incident management policy and response program — severity models, escalation matrices, playbooks — improving SOC readiness ~40%
  • Implemented Microsoft Teams → Azure Logic Apps → SharePoint Excel workflows eliminating manual security advisory entry
Microsoft Sentinel · Purview DLP · Defender · Wazuh · Intune · Azure Logic Apps · MITRE ATT&CK

Coralogix

Cloud Incident Response
Sep 2024 – May 2025 | Gurugram, Haryana
Key metrics: MTTD ↓40% · MTTR ↓35% · False Positives ↓30%
  • Reduced MTTD by 40% through cloud-native detections across CloudTrail, IAM, and VPC telemetry for privilege escalation and data exfiltration scenarios
  • Decreased MTTR by 35% with automated containment playbooks — disabled compromised IAM identities and isolated workloads within minutes
  • Led end-to-end response for high-severity cloud incidents including IAM compromise and misconfigured storage exposure
  • Developed 30+ cloud detection use cases mapped to MITRE ATT&CK (Cloud), reducing false positives by 30% via contextual enrichment and behavioral baselining
  • Enforced least-privilege IAM and guardrails, improving overall cloud security posture by 25%
AWS CloudTrail · IAM · VPC Flow Logs · MITRE ATT&CK Cloud

Bank of America

Insider Threat Management Officer
Sep 2023 – Sep 2024 | Gurugram, Haryana
Key metrics: Exfil Incidents ↓25% · IR Time ↓30% · False Positives ↓15%
  • Implemented detection alerts for data exfiltration via alternate protocols (DNS/HTTPS tunneling)
  • Created detection/response alerts for password spray attacks, Windows tampering, steganography tool usage, and cryptographic site monitoring
  • Leveraged threat intelligence feeds to proactively identify insider threats, reducing data exfiltration incidents by 25%
  • Contributed to insider threat playbooks incorporating threat intelligence insights, reducing IR times by 30%
  • Applied external and internal threat intelligence to enhance monitoring rules — 15% reduction in false positives
  • Deployed playbooks and runbooks for incident triage, reducing triage time by 30%
Insider Threat · DNS Tunneling · Steganography · SIEM · Playbook Design

Bank of America

Cyber Security Analyst
Sep 2021 – Aug 2023 | Gurugram, Haryana
  • Monitored for malicious incidents and managed threats by blocking malicious IPs/domains before user access — enabling proactive risk mitigation
  • Identified and banned access to high-risk domains across 7,000+ users to prevent data exfiltration
SOC · Threat Monitoring · Domain Blocking

Detection & Response

Analyst — Detection and Response
Apr 2019 – Mar 2021
  • Designed and tuned EDM- and regex-based DLP detection policies to improve identification of sensitive data patterns
  • Conducted periodic DLP policy reviews and user guidance to improve adherence and reduce policy noise
  • Refined detection logic to reduce false positives and improve analyst triage efficiency
DLP · Detection Logic · Regex · EDM

CRMNext

Graduate Engineer Trainee
Apr 2021 – Aug 2021 | Mumbai, Maharashtra
  • Implemented and managed CRM systems, improving data accuracy and achieving a 15% increase in customer satisfaction
  • Led CRM system upgrades and migrations with minimal business disruption
CRM · System Migration

MODULE INCIDENT_RESPONSE — Case Studies & Engagements (Anonymized)
[01] SWIFT Payment Fraud via BEC — Incident Response & Ground-Up SOC Build
Tags: BEC · SWIFT · Phishing · Forensics · Wazuh · Defender · Intune · O365 · ISO 27001 · SEBI · RBI
Severity: CRITICAL

[02] BreachForums Data Exposure — Multi-Vector Compromise & SilverFox C2
Tags: BreachForums · SilverFox C2 · KMSPico · Trojan Dropper · CrowdStrike Falcon · Memory Forensics · Third-Party Risk
Severity: CRITICAL

[03] Enterprise CTI Platform & Brand Monitoring — Architecture & Automation
Tags: STIX/TAXII · OASIS · Azure Logic Apps · Typosquatting · IOC Validation · CTI · Automation
Severity: HIGH

[04] Multi-SIEM Detection Engineering Program — Sigma/YARA + Automated SOAR Response
Tags: Sentinel · CrowdStrike · Splunk · OpenSearch · Sigma · YARA · SOAR · MITRE ATT&CK · Detection-as-Code
Severity: HIGH

[05] Advanced Malware Forensics — Custom Implant Reverse Engineering & C2 Takedown
Tags: Ghidra · IDA Pro · Volatility3 · WinDbg · YARA · CAPA · Maltego · DNS Sinkhole · Memory Forensics
Severity: CRITICAL

[06] Active Exploitation of Financial API — MSRPC Abuse & Compensating Controls
Tags: MSRPC · API Security · Wireshark · tcpdump · Sigma · Sentinel KQL · Compensating Controls
Severity: CRITICAL

[07] Cross-Cloud Lateral Movement — Federated Identity Abuse (Azure AD → AWS)
Tags: SAML · Azure AD · AWS STS · Federation · CloudTrail · Conditional Access · Identity Architecture
Severity: CRITICAL

[08] Security Program Architecture for Regulated Fintech — Board-Level Strategy & Execution
Tags: CISM · CISA · ISO 27001 · SEBI CSCRF · RBI IT Risk · NIST CSF · FIRST · Risk Quantification · Board Reporting
Severity: HIGH
MODULE CAPABILITY_MATRIX — Technical Arsenal & Governance
Technical Skills

Frameworks & Methodology

MITRE ATT&CK · MITRE CAR · MITRE D3FEND · ISO 27001:2013 · CMMI · Threat Modeling · OSINT

Security Domains

DLP · Vulnerability Management · Threat Intelligence · Endpoint Security · Cloud Security · IAM · AppSec · Incident Response · Risk Management · Cryptography · Network Security · Privacy Regulations

Security Tools

Splunk · ArcSight · Microsoft Sentinel · CrowdStrike · Trellix EPO · Proofpoint · ObserveIT · Security Onion · AlienVault · TheHive · Wireshark · tcpdump · Panther · Elastic · Vanta · Zeropath · Step Security

Malware Analysis

STIX / OpenIOC · MISP · OpenCTI · IDA Pro · Ghidra · PEstudio · CAPA · Maltego · WinDbg · YARA · UPX · Regshot

Cloud & Infrastructure

AWS · Azure · GCP · Docker · Microsoft Defender · Intune · Wazuh · Azure Logic Apps

Languages & Platforms

Python · JIRA · ServiceNow · RSAM

Framework Expertise

  • SOC 2 Type II
  • ISO 27001 / 27002
  • NIST CSF / SP 800-53
  • GDPR
  • FIRST

Policy Design

Data Protection & Privacy

  • Data Classification & Handling Policy
  • Data Retention & Disposal Standard
  • GDPR Data Subject Rights Procedure
  • Data Protection Impact Assessment (DPIA) Process
  • Cross-Border Data Transfer Safeguards
IMPACT: DLP program covering ~400 endpoints with 25+ policies and 10+ custom SITs — classification accuracy improved ~40%

Incident Response & Management

  • Information Security Incident Response Policy
  • Severity Classification & Escalation Matrix
  • Breach Notification Procedure (72-hour GDPR alignment)
  • Incident Response Playbooks & Runbooks
  • Post-Incident Review & Lessons Learned Process
IMPACT: Full IR program design — MTTC reduced ~35%, SOC response readiness improved ~40%

Access & Identity Governance

  • Identity & Access Management Policy
  • Privileged Access Management Standard
  • Least-Privilege IAM Enforcement (Cloud)
  • Access Recertification Procedure
IMPACT: Enforced least-privilege across AWS/Azure — cloud security posture improved 25%, IAM misconfigurations reduced 90%

Endpoint & Cloud Security

  • Endpoint Security Compliance Policy
  • Cloud Security Posture Management Standard
  • Microsoft Defender / Intune / Wazuh Policy Set (30+ policies)
  • Continuous Monitoring & Drift Detection
IMPACT: Achieved 95% endpoint compliance with centralized visibility across Defender, Intune, and Wazuh
Risk & Compliance Metrics

  • 100% Audit Closure: all data protection and IR audit observations closed
  • ↓30% Data Violations: business-impacting violations reduced via Purview DLP
  • ↑40% SOC Readiness: post incident management program operationalization
  • 95% Endpoint Compliance: across Defender, Intune, and Wazuh policies
  • ↓35% MTTC Reduction: mean time to contain via structured IR program
  • 25+ DLP Policies: custom policies across 15+ data sources
Frameworks: SOC 2 Type II · ISO 27001/27002 · NIST CSF / SP 800-53 · GDPR · FIRST CSIRT
Tooling: Microsoft Purview · Defender · Intune · Wazuh · Azure Logic Apps · Custom Python automation
MODULE DEPLOYED_SYSTEMS — Projects & Open Source

FreeIntelHub — Open Source CTI Platform

Real-time cyber threat intelligence platform with RAG-based LLM intelligence generation, PostgreSQL + Neo4j + Redis storage, Kafka ingestion, and semantic IOC search via Pinecone. Full-stack system evolved from a Node.js/Express app.

Node.js · PostgreSQL · Neo4j · Redis · Docker · Claude API

Open Source Threat Intelligence Platform

Standalone CTI platform built on OpenCTI and Docker. Deployed Docker Swarm with Portainer, added TRAEFIK reverse proxy, and integrated MISP for threat feed aggregation.

OpenCTI · Docker Swarm · STIX · MISP · TRAEFIK

Threat Intelligence Dashboard

Custom dashboard integrating STIX/TAXII data formats with MITRE ATT&CK for real-time threat hunting. Automated ingestion and normalization of feeds from multiple open-source sources, improving detection accuracy by 25%.

STIX · TAXII · MITRE ATT&CK · Python

Homelab — Detection & Monitoring

Full detection lab: pfSense firewall for network segmentation, Security Onion as IDS/monitoring/log management, Kali Linux attack machine, Windows Domain Controller, and Splunk for log aggregation.

pfSense · Security Onion · VMware · Splunk · Kali Linux

100 Days of YARA

Public GitHub repository documenting a structured 100-day deep dive into YARA rule writing for malware detection and threat hunting.

YARA · Malware Analysis · GitHub

Daily Dose of Cybersecurity News

Active cybersecurity news and analysis blog covering threat landscape developments, tooling, and security practices.

Blog · CTI · Writing

MODULE CREDENTIAL_STORE — Verified Certifications

  • CISSP: Certified Information Systems Security Professional (ISC²) ✓ VERIFIED
  • CISM: Certified Information Security Manager (ISACA) ✓ VERIFIED
  • CISA: Certified Information Systems Auditor (ISACA) ✓ VERIFIED
  • CASP+: CompTIA Advanced Security Practitioner (CompTIA) ✓ VERIFIED
  • PenTest+: CompTIA Penetration Testing (CompTIA) ✓ VERIFIED
  • CySA+: CompTIA Cybersecurity Analyst (CompTIA) ✓ VERIFIED
  • Security+: CompTIA Security+ (CompTIA) ✓ VERIFIED
  • CFR-410: CyberSec First Responder (CertNexus) ✓ VERIFIED
  • SC-100: Cybersecurity Architect Expert (Microsoft) ✓ VERIFIED
  • SC-300: Identity & Access Administrator (Microsoft) ✓ VERIFIED
  • SC-200: Security Operations Analyst (Microsoft) ✓ VERIFIED
  • AZ-500: Azure Security Engineer Associate (Microsoft) ✓ VERIFIED
  • SC-900: Security, Compliance & Identity Fundamentals (Microsoft) ✓ VERIFIED
  • CCSK v4 & v5: Certificate of Cloud Security Knowledge (CSA) ✓ VERIFIED
  • Google IT Professional: Google Career Certificate (Google) ✓ VERIFIED

MODULE IN_PROGRESS — Certifications In Progress

CRISC [IN PROGRESS]: Certified in Risk and Information Systems Control (ISACA)
Enterprise IT risk identification, assessment, response, and monitoring. Validates ability to design and implement IS controls aligned to business objectives.
RELEVANCE: Strengthens risk quantification and GRC capabilities — complements CISM and CISA for senior risk advisory roles.

ISSMP [IN PROGRESS]: Information Systems Security Management Professional (ISC²)
CISSP concentration in security program leadership — covers project management, security operations, business continuity, law and ethics, and compliance.
RELEVANCE: Formalizes security program design and leadership experience — directly maps to the SOC build and IR program work at Payatu.

ISSAP [PLANNED]: Information Systems Security Architecture Professional (ISC²)
CISSP concentration in security architecture — access control, cryptography, network/application security architecture, and technology-related BCP/DRP.
RELEVANCE: Validates architectural decision-making across cloud, network, and identity — relevant to cross-cloud federation and zero-trust design work.

ISSEP [PLANNED]: Information Systems Security Engineering Professional (ISC²)
CISSP concentration in security engineering — systems engineering principles applied to secure system design, including NIST RMF and systems security lifecycle.
RELEVANCE: Deepens detection engineering and security automation expertise — aligns with multi-SIEM detection-as-code program and SOAR automation work.
Recommended sequence: CRISC → ISSMP → ISSAP → ISSEP
All three ISS concentrations require active CISSP in good standing.
MODULE COMMS_INTERFACE — Get In Touch