Threat Hunt Analyzer
A scalable Python script to automate Living off the Land (LotL) and process impersonation threat hunting across extensive CrowdStrike logs.
Canadian-trained Cybersecurity Analyst with 4+ years of specialized experience in high-compliance SOC operations, detection engineering, and security automation. Expert at threat hunting, custom SIEM parser design, and scripting Python frameworks to cut analyst triage times by 95%.
Hey! I'm Sohail and I'm a passionate CyberSecurity Enthusiast and Developer. Having started in Toronto, Canada, I am currently transitioning back to Hyderabad, India. I served as an IT Security Analyst (SOC Operations) at LifeLabs within a fully remote, high-compliance health-tech security operations team, on a mission to drive proactive defense architectures.
I approach digital security through a software engineering lens. Beyond standard monitoring, I specialize in building active detection capabilities, authoring high-fidelity detection rules, and scripting automated toolsets to drop manual analyst alert triage times by up to 95%.
My core software engineering skills and development frameworks that power my security tooling:
GIAC Continuous Monitoring Certification (SEC511)
Validates top-tier expertise in continuous monitoring, threat analysis, SOC operations management, and architectural defense structures.
Systems Security & Risk Standard
Demonstrates core global competencies in incident response, endpoint node defense, cryptographic protocols, and organizational risk audits.
Certified in Cybersecurity
Establishes rigorous foundational expertise across essential domains of security operations, access controls, and network security.
Developed 5+ custom SIEM parsers for DLP, UBA, and WAF sources to expand detection coverage by 30%. Scripted an automated CrowdStrike CSV log parsing framework in Python, dropping analyst alert triage overheads by 95%. Automated multi-stage threat intelligence lookups (VT/OTX APIs) and spearheaded Forescout NAC system refreshes.
Orchestrated weekly Qualys VMDR vulnerability scans on core infrastructure and network nodes. Led risk assessments on 50+ software apps and 40+ production server rollouts. Built Selenium-powered Python reporting pipelines to aggregate CrowdStrike analytics (cutting triage overhead by 40%). Led evidence compliance for SOC 2 Type II audits.
Built robust system monitoring solutions using Python and Bash, reducing server downtime through proactive alarms. Remediated 12+ severe mobile application API security flaws and conducted robust inventory system migrations.
Led comprehensive vulnerability scans across 4,000+ endpoints, yielding a 20% total exposure reduction. Completed forensic investigations on suspicious system binaries and supported Incident Response workflows.
Full-stack web application for scanning and analyzing Indicators of Compromise (IOCs) with real-time threat intelligence.
An automated, multithreaded Python script that aggregates Imperva WAF event streams and structures them into SIEM-ready indices.
A CLI tool to enrich IOCs (IPs, domains, hashes) using VirusTotal, AbuseIPDB, and AlienVault OTX APIs.
Lightweight WebApp to search for applications and view their known vulnerabilities. Uses the custom VulScan API.
A free API providing vulnerability data enriched with CISA Known Exploited Vulnerability status, EPSS, and CVSS scores.
Android app to search and save Wikipedia articles. Built with Java and Android SDK using Wikipedia API.
A no-auth, no-session, no-cookie security-focused quiz app. Built with PHP and MySQL.
Android version of the Quizzard app, focusing on secure mobile development practices.
Designed and built a complex virtualized sandbox utilizing HELK (Hunting ELK) and Sysmon. Used to simulate sophisticated adversary TTPs (Tactics, Techniques, and Procedures) and develop robust, high-fidelity custom Sigma rules to capture evasive threat signals.
Active deployment of serverless security tools across Cloudflare and Azure edge infrastructure. Automated real-time, low-latency IOC scanning, threat ingestion, and dynamic reputation scoring pipelines to minimize external API dependencies.
Active developer of defensive security pipelines and direct threat intelligence shares. High participation on platforms like TryHackMe and HackTheBox, maintaining sharp hands-on specialization across defensive Blue-Teaming and incident mitigation paths.
Looking for a dedicated SOC L3 Analyst, Detection Engineer, or Security Automation Specialist in Hyderabad? Reach out directly through the form or my primary contact details below.