Piyush Benia

Led end-to-end Microsoft Sentinel onboarding, including log-source integration, detection use-case design, and security coverage validation. Designed and optimized high-fidelity detection rules using KQL and regex, strengthening visibility across multiple adversary techniques. Expanded SOC detection coverage by mapping SIEM use cases to MITRE ATT&CK, enabling structured threat tracking and coverage gap identification. Conducted proactive threat hunting across SIEM and EDR telemetry to detect emerging threats and vulnerabilities. Led incident investigations and response, analyzing attacker TTPs and executing containment using Microsoft Defender, Cortex XDR, Cybereason, and CrowdStrike. Automated SOC workflows by developing Cortex XSOAR playbooks for phishing triage, malware containment, endpoint isolation, and alert enrichment, reducing manual effort. Improved SOC operations through a Kanban-based Agile tracking dashboard, enhancing rule lifecycle management and stakeholder visibility. Managed client escalations, compliance assessments (PCI ASV), and vulnerability scanning, ensuring accurate reporting and knowledge-base documentation aligned with security standards. Tools & Technologies: Splunk, Microsoft Sentinel, Cortex XSIAM, Sumo Logic, Cortex XSOAR, QualysGuard, Nessus, Microsoft Defender, Cortex XDR, Cybereason, CrowdStrike Falcon, GuardDuty, Vectra, ServiceNow, Jira, Power BI.

Delivered security consulting and SOC optimization services for global clients by designing automated use cases and combinational playbooks in Microsoft Sentinel. Led Proof of Concept (PoC) and User Acceptance Testing (UAT) initiatives for new security tool integrations, ensuring alignment with operational and security requirements. Drove vulnerability management programs by generating actionable reports and coordinating remediation efforts with stakeholders to meet SLA timelines. Conducted regular configuration reviews and proactive maintenance of SOC tools to maintain a clean, resilient, and compliant security environment. Collaborated with clients to develop use cases, correlation rules, IR procedures, and change management workflows, improving response consistency and quality. Mentored junior security analysts on technical investigations, SOC processes, and documentation best practices.

Performed continuous SIEM monitoring and incident investigation within an MSSP environment, supporting timely detection and mitigation of security events. Investigated botnet activity, DDoS attacks, malware infections, and web application attacks using firewall, IDS/IPS, WAF, and endpoint telemetry. Conducted cloud security investigations & identifying responding to anomalous activities. Executed dark web and threat intelligence monitoring to identify potential customer data leakage and emerging risks. Managed vulnerability lifecycle tracking, coordinating with product owners until risks were mitigated. Initiated forensic triage during incidents using Autopsy and supporting cyber forensic utilities.

Provided Level-2 technical support for TELUS Communications (Canada), resolving complex network issues within defined SLAs. Proactively monitored customer network links for outages and utilization anomalies, reducing downtime through early escalation. Supported security operations by analyzing logs, maintaining threat repositories, and assisting offshore/onshore coordination.