Subash Vijayarajendran

Chennai

Summary

Cyber Security Lead and Purple Teaming Specialist with over 6 years of experience in SOC monitoring, threat detection, and incident response across hybrid environments including AWS and Azure. Expert in leading SOC teams, fine-tuning detection rules, and operationalizing SIEM/SOAR platforms such as IBM QRadar, Azure Sentinel, and Microsoft Defender for Cloud. Skilled in cloud-native security monitoring (CloudTrail, GuardDuty, NSG Flow Logs), API telemetry, and advanced use case development. Leads impactful purple teaming engagements using MITRE ATT&CK, Cymulate, and Caldera to validate and enhance detection efficacy. Known for executing successful PoCs, building scalable monitoring pipelines, and aligning security operations with real-world threats

Overview

5 years of professional experience
1 Certification

Work History

Cyber Monitoring & Incident Response Lead

Computer Age Management Services Limited
01.2025 - Current

Security Architecture & Engineering

  • Designed and implemented end-to-end security architecture for hybrid environments, covering on-prem infrastructure, AWS, and Azure workloads with Cloudguard (CNAPP).
  • Defined security control baselines aligned with CIS benchmarks, NIST, and organizational policies for network, identity, and application security.
  • Architected scalable logging and monitoring frameworks using SIEM/SOAR tools (QRadar, Defender for Cloud, AWS Security Hub).
  • Collaborated with application and DevOps teams to embed security into CI/CD pipelines and ensure runtime protection for cloud-native workloads.

Cyber Monitoring & Threat Detection

  • Led the design and continuous improvement of security monitoring strategies across perimeter firewalls, endpoints, APIs, databases, cloud logs, and SaaS platforms.
  • Built and maintained correlation rules, threat detection content, and alert logic for advanced use cases including credential abuse, lateral movement, and cloud resource misuse.
  • Enabled centralized visibility by integrating logs from FortiGate, WAFs (e.g., FortiWeb), EDR, cloud telemetry, and API gateways into the SIEM.
  • Deployed behavioral analytics and UEBA models to identify insider threats, misconfigurations, and policy violations.

Incident Response

  • Led end-to-end incident response for cloud and on-prem incidents — triage, containment, forensics, recovery, and post-incident reviews.
  • Developed incident playbooks for cloud-specific threats (e.g., S3 bucket exposure, API token leakage, IAM privilege escalation) and orchestrated responses via SOAR.
  • Coordinated cross-functional response efforts involving DevOps, cloud, legal, and compliance stakeholders during high-severity events.
  • Conducted RCA and threat modeling for incidents and proposed architectural or procedural changes to prevent recurrence.

Purple Teaming & Continuous Improvement

  • Conducted adversary emulation and purple team exercises in collaboration with Red/Blue teams to identify gaps and validate detection effectiveness.
  • Utilized MITRE ATT&CK, Atomic Red Team, and Caldera to simulate attacker behavior across endpoints, cloud, and network layers.
  • Translated red team findings into actionable blue team content, continuously refining detection logic and reducing false positives.

Governance & Strategic Oversight

  • Defined KPIs for SOC operations, detection coverage, and IR efficiency; presented metrics and strategic updates to executive leadership.
  • Conducted PoCs for emerging security technologies, evaluating ROI and operational fit for enhanced detection and automation.
  • Ensured compliance with regulatory and internal standards (e.g., ISO 27001, SOC 2, GDPR) through monitoring and incident response readiness.

Incident Response Associate

Depository Trust and Clearing Corporation
04.2024 - 01.2025
  • Detect and identify security incidents in real time through monitoring systems, logs, and alerts, and analyze incidents to understand their type, severity, and impact on the organization
  • Awarded for achieving zero security incidents and escalations in a quarter
  • Implemented and developed cloud infrastructure security with the necessary monitoring controls for threat identification and mitigation
  • Act as an escalation point for junior team members and as the point of contact and Incident Commander for serious (P2-P4) incidents
  • Lead and coordinate major investigations and incident response activities
  • Independently lead technical programs and large projects
  • Responsible for a QA/QC program based on People, Process, and Technology to improve the overall performance of the team and tools
  • Collaborate with stakeholders from other business units to conduct investigations, review plans and procedures, and respond to cyber incidents
  • Implemented and documented forensic technologies and techniques to investigate security incidents and gather necessary evidence, and conducted a forensics scenario involving stakeholders
  • Develop strategies to contain incidents and prevent them from spreading
  • Prepare incident reports that detail the nature, scope, and impact of each incident, and conduct post-incident reviews and 'lessons learned' sessions
  • Responsible for security controls and process improvement programs to prevent future incidents, and for updating incident response plans and playbooks based on incident and industry trends
  • Conduct simulated attacks (tabletop exercises) to keep the team prepared
  • Liaise with law enforcement, regulatory bodies, or third-party cybersecurity consultants as needed
  • Manage and configure incident response tools, such as Security Information and Event Management (SIEM) systems

Senior Security Analyst

Computer Age Management Services
05.2022 - 04.2024
  • Implemented and onboarded the SentinelOne EDR solution for the entire organization; responsible for POC/POA, endpoint agent onboarding, and administering and monitoring the EDR for threats and incidents
  • Implemented DC-DR architecture for the QRadar SIEM
  • Accountable for reviewing incidents and escalations raised by the L1 team
  • Threat hunting based on log source categories by correlating and aggregating the various types of logs and converting the findings into use cases
  • Addition and deletion of data sources onboarded via PUSH, PULL, and SIEM agents
  • Handling issues in log collection from end data sources such as firewalls, databases, applications, and servers
  • Analyzing and investigating security incidents by creating use cases, aggregation rules, dashboards, and mitigation strategies; responsible for preparing security incident reports
  • Monitoring various event sources for possible intrusions and determining the severity of threats; creating technology-wise documentation for onboarding data sources to the SIEM tool
  • Analyzing malware through static and dynamic analysis with internal sandboxing tools
  • Investigating phishing, spam, and spoofed emails using headers and email records
  • Providing cybersecurity dashboards and reports for Technology Committee meetings held by the Board of Members; responsible for preparing root cause analysis reports based on threats and analysis
  • Hands-on experience with FortiWeb WAF, with extensive experience in onboarding applications, analyzing web application traffic with ML-enabled scenarios, signatures, and attack patterns, and suggesting best practices for application-layer defense mechanisms
  • Performing infrastructure security risk assessments for exceptions raised, intrusions, possible intrusions, and compromises in the IT environment
  • Launch and track investigations to resolution
  • Recognize attacks based on their signatures
  • Differentiate false positives from true intrusion attempts
  • Supporting internal and external audits with relevant evidence and tracking audit findings to closure; conducting cybersecurity awareness sessions for end users and engaging them with cybersecurity policies

Security Engineer

NTT India Private limited
12.2019 - 05.2022
  • Worked as L1 on the Security Incident and Event Monitoring (SIEM) platform QRadar
  • Handling ad hoc reports for various event sources, and customizing and scheduling reports as per requirements
  • Monitor security tools' (SIEM, CrowdStrike, Zscaler) dashboards to keep track of real-time security events, and perform basic investigations to escalate to the next level
  • Investigate security logs and mitigation strategies; responsible for preparing generic security incident reports
  • Strong investigation knowledge in CrowdStrike and Zscaler, and hands-on experience with the ServiceNow ticketing tool
  • Perform health checks of all monitoring tools and contribute to the preparation of daily, weekly, and monthly reports
  • Installation, configuration, troubleshooting, and connectivity of Cisco ASR and ISR series routers and switches
  • Extensive experience in uploading and upgrading IOS for Cisco and other devices
  • Configuration, troubleshooting, and IOS upgrades on Nexus 3K, 5K, 7K, and 9K devices
  • Basic configuration and troubleshooting knowledge of Cisco APIC/ACI spine and leaf switches
  • Raise and respond to Cisco TAC cases at various severity levels

Education

Bachelor of Engineering - Automobile

Anna University
Chennai, Tamil Nadu
05.2019

Skills

SIEM & SOAR: IBM QRadar, Resilient

Cloud Security: AWS (GuardDuty, CloudTrail), Azure (Defender, Sentinel), Checkpoint CloudGuard, Hybrid Architecture

Monitoring & Detection: EDR (CrowdStrike, SentinelOne), WAF (Akamai, FortiWeb), API & UEBA Monitoring

Incident Response: Threat Hunting, Triage, RCA, Playbooks, Forensics (KAPE, Volatility)

Purple Teaming: MITRE ATT&CK, Atomic Red Team, Caldera, Detection Gap Analysis using Cymulate

Frameworks & Compliance: NIST, ISO 27001, CIS, SOC 2

Certification

  • Cisco Certified Network Associate (CCNA)
  • Certified Ethical Hacker C|EH

Personal Information

  • Pan Number: HNTPS3761R
  • Passport Number: T6581151
  • Date of Birth: 10/18/97
  • Gender: Male
  • Nationality: INDIAN

Timeline

Cyber Monitoring & Incident Response Lead

Computer Age Management Services Limited
01.2025 - Current

Incident Response Associate

Depository Trust and Clearing Corporation
04.2024 - 01.2025

Senior Security Analyst

Computer Age Management Services
05.2022 - 04.2024

Security Engineer

NTT India Private limited
12.2019 - 05.2022

Bachelor of Engineering - Automobile

Anna University