Available for Opportunities  ·  Bengaluru, India

Sunil Kumar
Prajapati

8.9+ years defending enterprise environments through proactive threat hunting, advanced incident response, and full-cycle SIEM architecture. I build detection that surfaces what others miss — and respond before damage spreads.

CEH v10 Certified  ·  MITRE ATT&CK  ·  AI-Augmented SOC  ·  UEBA Specialist  ·  Open to Work
Profile

Professional Overview

// EXECUTIVE SUMMARY

Results-driven cybersecurity professional with 8.9+ years of hands-on experience in threat hunting, incident response, SIEM engineering, and security content development. Track record across three enterprise environments — Securonix, Sacumen, and LTIMindtree — delivering end-to-end SIEM implementations, designing MITRE ATT&CK-mapped detection use cases, and running proactive hunting campaigns that surface adversary activity before damage occurs. Early adopter of AI-augmented SecOps workflows (Copilot, ChatGPT) to accelerate analysis and detection. Skilled in stakeholder management, client-facing engagements, and mentoring SOC teams.

Hypothesis-Driven Hunting  ·  End-to-End IR  ·  SIEM Architecture  ·  AI-Augmented SecOps  ·  Detection Engineering  ·  Client Stakeholder Mgmt  ·  UEBA Analytics  ·  Parser Development

// HUNTING APPROACH

Operates at the intersection of structured frameworks and adversary intuition — applying Pyramid of Pain prioritisation, Cyber Kill Chain staging, and MITRE ATT&CK TTP mapping to every hunt. Uses KQL, Python, and SOAR to scale human analysis at high log volumes.

// SEEKING ROLES IN
  • Senior Threat Hunter / Hunt Team Lead
  • Incident Response Specialist / IR Lead
  • Detection Engineer / SIEM Architect
  • SOC Manager / Security Engineering Lead
  • Security Consultant (MSSP / Enterprise)
Career History

Professional Experience

Specialist – Information Security
Dec 2022 – Present
LTIMindtree  ·  Bengaluru, India  ·  Current Role
  • Led proactive, hypothesis-driven threat hunting campaigns using AI tools (Microsoft Copilot, ChatGPT) to uncover stealthy attacker behaviour across enterprise environments.
  • Developed and deployed MITRE ATT&CK-mapped detection use cases and correlation rules — improving adversary TTP coverage and reducing mean dwell time.
  • Authored Python scripts to automate phishing email triage — covering header parsing, URL extraction, and attachment hash analysis — drastically cutting manual effort.
  • Engineered KQL-based hunting queries against Microsoft Defender and Sentinel log sources to detect lateral movement, privilege escalation, and persistence TTPs.
  • Performed end-to-end SIEM log source onboarding including log architecture design, parser development, and event flow validation across Windows, Proxy, Network, DB, and App log types.
  • Executed malware and sandbox analysis as part of active hunting engagements to identify zero-day behaviours and attacker tooling gaps.
  • Coordinated with L2 analysts and SOC monitoring teams; escalated confirmed incidents with full investigative context and recommended remediation steps.
Threat Hunting  ·  Microsoft Sentinel  ·  Defender EDR  ·  KQL  ·  Python  ·  MITRE ATT&CK  ·  AI-SecOps

Senior Analyst – Security Engineering
Sep 2022 – Dec 2022
Sacumen  ·  Bengaluru, India
  • Deployed and integrated ArcSight Smart Connectors for multi-source log ingestion; configured ArcSight ESM from the ground up.
  • Developed new log parsers and updated legacy parsers to normalise event data from Windows Server 2019, SQL Server, and custom application sources.
  • Configured Windows Server 2019 environments; generated and analysed SQL Management Studio 2019 audit logs to support detection engineering requirements.
ArcSight ESM  ·  Smart Connectors  ·  Parser Dev  ·  Windows Server 2019

Cyber Threat & Content Analyst → Cloud Security Engineer
Sep 2017 – Aug 2022
Securonix Pvt Ltd  ·  Bengaluru, India  ·  5 Years

Cyber Threat & Content Analyst (2019–2022)

  • Designed and implemented end-to-end detection use cases on Securonix Snypr — threat models, correlation rules, UEBA policies, and risk-scored dashboards.
  • Built CRP and CFP parser components to ingest and normalise raw logs from Palo Alto, Bluecoat Proxy, Symantec, and 10+ custom data sources.
  • Created entity-centric hunting rules leveraging UEBA attribute mapping to detect insider threats, privilege abuse, and anomalous user behaviour.
  • Analysed Hadoop distributed log stores and Solr indices for large-scale threat correlation; mapped detection to MITRE ATT&CK and Pyramid of Pain.

Cloud Security Engineer – Operations (2017–2019)

  • Installed, configured, and upgraded Securonix SIEM environments; managed patch deployment with assessed business impact.
  • Created security rules, threat models, and dashboards; reported violations through client-facing threat and violations dashboards.
  • Conducted threat hunting and false-positive reduction exercises to continuously tune detection fidelity across live client environments.
Securonix Snypr  ·  UEBA  ·  Use Case Design  ·  Hadoop / Solr  ·  SIEM Implementation  ·  Insider Threat

Proficiency

Core Skills

  • Threat Hunting (Hypothesis-Driven)  ·  95%
  • Incident Response & Triage  ·  92%
  • SIEM Architecture & Implementation  ·  95%
  • MITRE ATT&CK Framework  ·  90%
  • Parser / Detection Rule Development  ·  93%
  • UEBA / Behaviour Analytics  ·  88%
  • KQL (Kusto Query Language)  ·  85%
  • Python (Security Automation)  ·  82%
  • Malware & Phishing Analysis  ·  88%
  • Cloud Security (Azure / Entra ID)  ·  80%
  • PowerShell  ·  78%
  • Big Data (Hadoop / Solr)  ·  80%

Competency radar (chart, 0–100 scale): Threat Hunting, Incident Response, SIEM, Detection Engineering, UEBA, Python, Cloud Security, Malware Analysis.

Technical Depth

Technical Arsenal

SIEM Platforms
Securonix Snypr  ·  IBM QRadar  ·  Splunk  ·  ArcSight ESM  ·  Microsoft Sentinel
EDR & Endpoint
Microsoft Defender  ·  Symantec EDR  ·  Cofense  ·  Sandbox Analysis
Cloud & Identity
Azure AD / Entra ID  ·  Azure Portal  ·  IDAM  ·  Copilot for Security
Languages & Scripting
Python  ·  KQL  ·  PowerShell  ·  Linux / Bash  ·  Regex
Data & Analytics
Hadoop  ·  Apache Solr  ·  UEBA  ·  Log Correlation  ·  Big Data
ITSM & Automation
JIRA  ·  ServiceNow  ·  SOAR  ·  SOC Playbooks  ·  Incident Mgmt

Methodology

Security Frameworks

MITRE ATT&CK
Maps every detection use case and hunting hypothesis to adversary tactics and techniques across all campaign stages — from initial access to exfiltration.
Primary Hunt Framework
Cyber Kill Chain
Structures threat hunting and incident response strategy across recon, weaponisation, delivery, exploitation, C2, and exfiltration phases.
IR Structuring
Pyramid of Pain
Guides indicator prioritisation — targeting TTPs and tools over transient IOCs to maximise disruption to attacker operations and increase their cost.
Detection Prioritisation
Academic Background

Education

Bachelor of Technology (B.Tech. IT) – Information Technology
Dr. A.P.J. Abdul Kalam Technical University (AKTU), Lucknow, Uttar Pradesh, India
Government-recognised engineering university · Uttar Pradesh State
Credentials

Certifications & Credentials

Certified Ethical Hacker (CEH v10)
EC-Council
ID: ECC4328910576
CDAC Certified – IT Infrastructure & Security Systems
Centre for Development of Advanced Computing (CDAC)
Government of India Accredited
View Digital Badge Portfolio on Credly
credly.com/users/sunil-prajapati.b90846fb
Get in Touch

Open to Opportunities

Actively exploring senior roles in Threat Hunting, Incident Response, Detection Engineering, SIEM Architecture, and SOC Leadership. If your organisation needs someone who builds detection that finds what others miss — let's connect.